Windows Analysis Report
Ywhazhugqk.exe

Overview

General Information

Sample name:Ywhazhugqk.exe
Analysis ID:1538492
MD5:bea6e941101fb3363365814b7b6b3d39
SHA1:678e1305f8161f43e155271f785fd763352c45c2
SHA256:102dd967bc6aaa2d90be034c3b484cd7d001942e8f79c214675f74f5ed8cdea3
Tags:exeuser-lowmal3
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Ywhazhugqk.exe (PID: 6820 cmdline: "C:\Users\user\Desktop\Ywhazhugqk.exe" MD5: BEA6E941101FB3363365814B7B6B3D39)
    • InstallUtil.exe (PID: 1472 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
      • WerFault.exe (PID: 6204 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 1016 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.1626321797.00000000055A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: Ywhazhugqk.exe PID: 6820 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: Ywhazhugqk.exe PID: 6820 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
Process Memory Space: InstallUtil.exe PID: 1472 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
1.2.Ywhazhugqk.exe.55a0000.5.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

              Data Obfuscation

              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Ywhazhugqk.exe, ProcessId: 6820, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CanTransformMultipleBlocks.vbs
              No Suricata rule has matched

              AV Detection

              Source: Ywhazhugqk.exeAvira: detected
              Source: C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exeAvira: detection malicious, Label: TR/Dropper.Gen
              Source: C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exeReversingLabs: Detection: 50%
              Source: Ywhazhugqk.exeReversingLabs: Detection: 50%
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
              Source: C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exeJoe Sandbox ML: detected
              Source: Ywhazhugqk.exeJoe Sandbox ML: detected
              Source: Ywhazhugqk.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: Ywhazhugqk.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.00000000007B6000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: HPko8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851220900.0000000000538000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb}| source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb` source: InstallUtil.exe, 00000002.00000002.2851755776.00000000007FB000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb0% source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: @wo.pdb source: InstallUtil.exe, 00000002.00000002.2851220900.0000000000538000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1627988516.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1627988516.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.00000000007B6000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb0 source: InstallUtil.exe, 00000002.00000002.2851755776.00000000007B6000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ?woC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851220900.0000000000538000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb` source: InstallUtil.exe, 00000002.00000002.2851220900.0000000000538000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.00000000007B6000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000002.00000002.2851755776.0000000000855000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.00000000007FB000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: Ssymbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851220900.0000000000538000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ((.pdb s( source: InstallUtil.exe, 00000002.00000002.2851220900.0000000000538000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2851755776.000000000081C000.00000004.00000020.00020000.00000000.sdmp
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002DA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 1016
              Source: Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003C15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003C15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGtozzbt.dll" vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003D17000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1607876321.0000000000DBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBabeoie.exe" vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1627988516.0000000006360000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002B81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002DA4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002F11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBabeoie.exe" vs Ywhazhugqk.exe
              Source: Ywhazhugqk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: CanTransformMultipleBlocks.exe.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, tmH5Zoh2A6APmbnSTO.csCryptographic APIs: 'CreateDecryptor'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, ARR8kpKFQaRUYsP3p3P.csCryptographic APIs: 'CreateDecryptor'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, NOdjZgRRgji8ly7hKU.csCryptographic APIs: 'CreateDecryptor'
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engineClassification label: mal100.expl.evad.winEXE@4/3@0/0
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CanTransformMultipleBlocks.vbs
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6204:64:WilError_03
              Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\bd045f94-174c-4753-bf1b-9941c281e88b
              Source: Ywhazhugqk.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeFile read: C:\Users\user\Desktop\Ywhazhugqk.exe
              Source: unknownProcess created: C:\Users\user\Desktop\Ywhazhugqk.exe "C:\Users\user\Desktop\Ywhazhugqk.exe"
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: mscoree.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: version.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: wldp.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: amsi.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: userenv.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: profapi.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: msasn1.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: gpapi.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeSection loaded: ntmarta.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
              Source: C:\Users\user\Desktop\Ywhazhugqk.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Ywhazhugqk.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: Ywhazhugqk.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: Ywhazhugqk.exeStatic file information: File size 1372160 > 1048576
              Source: Ywhazhugqk.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x14e600

              Data Obfuscation

              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, ARR8kpKFQaRUYsP3p3P.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 1.2.Ywhazhugqk.exe.5850000.6.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 1.2.Ywhazhugqk.exe.5850000.6.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 1.2.Ywhazhugqk.exe.5850000.6.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 1.2.Ywhazhugqk.exe.5850000.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 1.2.Ywhazhugqk.exe.5850000.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 1.2.Ywhazhugqk.exe.6360000.7.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, NOdjZgRRgji8ly7hKU.cs.Net Code: pCFvFxlih System.AppDomain.Load(byte[])
              Source: Yara matchFile source: 1.2.Ywhazhugqk.exe.55a0000.5.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000001.00000002.1626321797.00000000055A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Ywhazhugqk.exe PID: 6820, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 1472, type: MEMORYSTR
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Code function: 1_2_05EF70F7 push edx; ret 1_2_05EF710B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 2_2_04C408D0 pushfd ; ret 2_2_04C408D1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 2_2_04C44B88 push edx; retf 2_2_04C44B8B
              Source: Ywhazhugqk.exe Static PE information: section name: .text entropy: 7.999672424966953
              Source: CanTransformMultipleBlocks.exe.1.dr Static PE information: section name: .text entropy: 7.999672424966953
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, -Module--854d8771-8713-4a41-bf73-aa5bde6e6cb4-.csHigh entropy of concatenated method names: 'kc8d26309dde547208d3ae1a0f4a001b3', 'ReadPublisher', 'QueryPublisher', 'LoginPublisher', 'eMw8iFbmd25DJP2eoFF', 'S59J6bbrWR1IgxJve9y', 'GvCG9ibsZN6QYIW2scZ', 'poPCc2bPBy3WOGtGF2m', 'YufHKlb5rEGDyIIlNLR', 'qMHW9nbNVItF9x3Hg7x'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, dK820iKElZV9xe4S2ca.csHigh entropy of concatenated method names: 'a4pi4sl6O3', 'NlxjBVbkvgM1XG90paX', 'jU5XOBbSgGcFjcNJqhN', 'nqmYUQbM1D72G9M1coB', 'foBig0bG4KbNIIpG4jE', 'bwfBLQbAadpucgDea1V', 'WnQc6obhVFfMnBRPjMK', 'Pub0bUbZIh8QbihYSQe', 'KrlJUjbJc08fAIVgNh1', 'YgpJI8bT7tsMXgA8qgq'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, sx07G6LnvyoYlOppsgQ.csHigh entropy of concatenated method names: 'YVcLCovi4G', 'xD9LzKq9AB', 'eh3lY3vEgQ', 'URLl3WdHDc', 'EAKlKBxYm9', 'iNlld5ioBm', 'TcXlLW6L5f', 'qiollZ816s', 'HP5lch8Kuq', 'MPRlWvFrBi'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, tmH5Zoh2A6APmbnSTO.csHigh entropy of concatenated method names: 'vBJKshjdfF', 'byPKmJE9OV', 'NtNdTpQDBJgVqFSi7u3', 'tpuYXmQBZRldDxsUCm8', 'O2NVnAQ57cgvLZv6WDv', 'QJb4SYQmnwXk3HoEJGW', 'QF9SLgQPM02avZL3grC', 'RINKNYM1LC', 'Hp7EACQhhApAaEROkgs', 'iioFg9QZUrdCEx91oa8'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, h8U4IOPmfNh4mJwTud.csHigh entropy of concatenated method names: 'qXFNVHPny', 'KfkD4Wyyq', 'LLlButaok', 'piSwn7cGqfMoF6MTCHb', 'zXVdpwcAZJgC1XjnhwV', 'mJfYo2cJ0TdjcPW2FOs', 'C7QWxEcSsAcsYnG6wIa', 'OVV3cscMaJIZ6tGQaXO', 'eU3EwicTdYMJI5INDuH', 'xhChPmc6mOF2n4c6jOA'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, ARR8kpKFQaRUYsP3p3P.csHigh entropy of concatenated method names: 'BKvJhWbfOruLf2P6MQL', 'ATNfsRb8lvX386UXpPF', 'Q82LPfw1pq', 'b04DBMbw8uISnng22xN', 'RMOoc5bo4ZPNKE1lm4D', 'iJfuivbFoVkf3I1pJD3', 'oNXULVbOPwwXtXxQN5U', 'JXmkuvbuUQ0OMEIy0UE', 'BHFyVWb24aHtPQt4yn0', 'punpg7b4wuUSrwWFSwl'
              Source: 1.2.Ywhazhugqk.exe.417e7b8.3.raw.unpack, NOdjZgRRgji8ly7hKU.csHigh entropy of concatenated method names: 'pCFvFxlih', 'SZB9kqGf4', 'KIsXF3yZ0', 'Rn9pocxRq', 'naktcw3hM', 'Me2jkVL3w', 'vhVrZucgs', 'AbfsqHlMK', 'uZvyVwlxkqYMAbxgha2', 'MQDabbleLYi0TrImvOV'
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe File created: C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exe

              Boot Survival

              Source: C:\Users\user\Desktop\Ywhazhugqk.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CanTransformMultipleBlocks.vbs
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: Yara matchFile source: Process Memory Space: Ywhazhugqk.exe PID: 6820, type: MEMORYSTR
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: EXPLORERJSBIEDLL.DLLKCUCKOOMON.DLLLWIN32_PROCESS.HANDLE='{0}'MPARENTPROCESSIDNCMDOSELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILUREPVERSIONQSERIALNUMBERSVMWARE|VIRTUAL|A M I|XENTSELECT * FROM WIN32_COMPUTERSYSTEMUMANUFACTURERVMODELWMICROSOFT|VMWARE|VIRTUALXJOHNYANNAZXXXXXXXX
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Memory allocated: 1170000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Memory allocated: 2B80000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Memory allocated: 1190000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2450000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 26F0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 24F0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: crosoft|VMWare|Virtual
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q 1:en-CH:Microsoft|VMWare|Virtual@
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q 1:en-CH:VMware|VIRTUAL|A M I|Xen
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware@
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware|VIRTUAL|A M I|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft|VMWare|VirtualXjohnYannaZxxxxxxxx
              Source: Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002CF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen@
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Process information queried: ProcessInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Memory allocated: page read and write | page guard
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Queries volume information: C:\Users\user\Desktop\Ywhazhugqk.exe VolumeInformation
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
              Source: C:\Users\user\Desktop\Ywhazhugqk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information1
              Scripting
              Valid Accounts2
              Windows Management Instrumentation
              1
              Scripting
              11
              Process Injection
              1
              Masquerading
              OS Credential Dumping221
              Security Software Discovery
              Remote Services11
              Archive Collected Data
              1
              Encrypted Channel
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Scheduled Task/Job
              1
              Scheduled Task/Job
              1
              Scheduled Task/Job
              3
              Virtualization/Sandbox Evasion
              LSASS Memory3
              Virtualization/Sandbox Evasion
              Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt2
              Registry Run Keys / Startup Folder
              2
              Registry Run Keys / Startup Folder
              1
              Disable or Modify Tools
              Security Account Manager1
              Process Discovery
              SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCron1
              DLL Side-Loading
              1
              DLL Side-Loading
              11
              Process Injection
              NTDS32
              System Information Discovery
              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information
              LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Obfuscated Files or Information
              Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items22
              Software Packing
              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              DLL Side-Loading
              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Source | Detection | Scanner | Label | Link
              Ywhazhugqk.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom
              Ywhazhugqk.exe | 100% | Avira | TR/Dropper.Gen
              Ywhazhugqk.exe | 100% | Joe Sandbox ML
              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exe | 100% | Avira | TR/Dropper.Gen
              C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exe | 100% | Joe Sandbox ML
              C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
              https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe
              https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe
              No contacted domains info
              Name | Source | Malicious | Antivirus Detection | Reputation
              https://github.com/mgravell/protobuf-net | Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp | false | | unknown
              https://github.com/mgravell/protobuf-neti | Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp | false | | unknown
              https://stackoverflow.com/q/14436606/23354 | Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://github.com/mgravell/protobuf-netJ | Ywhazhugqk.exe, 00000001.00000002.1622422495.0000000003C15000.00000004.00000800.00020000.00000000.sdmp, Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp | false | | unknown
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Ywhazhugqk.exe, 00000001.00000002.1611726069.0000000002DA4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://stackoverflow.com/q/11564914/23354; | Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
              https://stackoverflow.com/q/2152978/23354 | Ywhazhugqk.exe, 00000001.00000002.1627308912.0000000005850000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
                    No contacted IP infos
                    Joe Sandbox version: 41.0.0 Charoite
                    Analysis ID: 1538492
                    Start date and time: 2024-10-21 13:08:38 +02:00
                    Joe Sandbox product: CloudBasic
                    Overall analysis duration: 0h 6m 35s
                    Hypervisor based Inspection enabled: false
                    Report type: full
                    Cookbook file name: default.jbs
                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed: 10
                    Number of new started drivers analysed: 0
                    Number of existing processes analysed: 0
                    Number of existing drivers analysed: 0
                    Number of injected processes analysed: 0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode: default
                    Analysis stop reason: Timeout
                    Sample name: Ywhazhugqk.exe
                    Detection: MAL
                    Classification: mal100.expl.evad.winEXE@4/3@0/0
                    EGA Information: Failed
                    HCA Information:
                    • Successful, ratio: 90%
                    • Number of executed functions: 157
                    • Number of non-executed functions: 12
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target InstallUtil.exe, PID 1472 because it is empty
                    • Execution Graph export aborted for target Ywhazhugqk.exe, PID 6820 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • VT rate limit hit for: Ywhazhugqk.exe
                    Time | Type | Description
                    13:10:16 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CanTransformMultipleBlocks.vbs
                    No context
                    Process:C:\Users\user\Desktop\Ywhazhugqk.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):1372160
                    Entropy (8bit):7.999121319372974
                    Encrypted:true
                    SSDEEP:24576:+3Ul3t1VU+Y8Vj6dBu0h/Q9fvi+hvckCPPtzKqmscVoHMlKPbLY:IU5t16P8Ve3u0h/v+ikfsBSKvY
                    MD5:BEA6E941101FB3363365814B7B6B3D39
                    SHA1:678E1305F8161F43E155271F785FD763352C45C2
                    SHA-256:102DD967BC6AAA2D90BE034C3B484CD7D001942E8F79C214675F74F5ED8CDEA3
                    SHA-512:227F15D291C7367EB5181AAD2FDBE54585FA9E027C8A0E996038A99CECF13F8A38E2314DE6F99F741E3DE203152807895989AC1734B51F15B647FEA5B6C0BDFD
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 50%
                    Reputation:low
                    Process:C:\Users\user\Desktop\Ywhazhugqk.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Reputation:high, very likely benign file
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Users\user\Desktop\Ywhazhugqk.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):100
                    Entropy (8bit):4.875175975368543
                    Encrypted:false
                    SSDEEP:3:FER/n0eFHHoMEREaKC5RJMVgUJKKWAuHn:FER/lFHIFiaZ5R+yQKkI
                    MD5:DA3A2B95A623864C73E7328F4BC9B3B5
                    SHA1:B52A9B391A288FEF57A8D133EA51215637D3A8D2
                    SHA-256:99AAF326B573C2655134AB94C11A3EE7BD6CA863AB7CBF7C68FE0CE152784328
                    SHA-512:8F5D9955309804FD3615CEF9485143DF33F98A8770E55088677AC0A30DB1974275F2C52DFE4D71B0803CB41F878038D005BDF10C05838E26891279E22E4639B7
                    Malicious:true
                    Reputation:low
                    Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\CanTransformMultipleBlocks.exe"""
                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.999121319372974
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    • Win32 Executable (generic) a (10002005/4) 49.78%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    File name:Ywhazhugqk.exe
                    File size:1'372'160 bytes
                    MD5:bea6e941101fb3363365814b7b6b3d39
                    SHA1:678e1305f8161f43e155271f785fd763352c45c2
                    SHA256:102dd967bc6aaa2d90be034c3b484cd7d001942e8f79c214675f74f5ed8cdea3
                    SHA512:227f15d291c7367eb5181aad2fdbe54585fa9e027c8a0e996038a99cecf13f8a38e2314de6f99f741e3de203152807895989ac1734b51f15b647fea5b6c0bdfd
                    SSDEEP:24576:+3Ul3t1VU+Y8Vj6dBu0h/Q9fvi+hvckCPPtzKqmscVoHMlKPbLY:IU5t16P8Ve3u0h/v+ikfsBSKvY
                    TLSH:CF5533084A8296D7EDBDF7B9D972CE850D68A304F9B44CCA4BDCD88A567045333ADB34
                    Icon Hash:90cececece8e8eb0
                    Entrypoint:0x5504fe
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x671592D3 [Sun Oct 20 23:31:31 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1504a4 | 0x57 | .text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x152000 | 0x5b6 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x154000 | 0xc | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x2000 | 0x14e504 | 0x14e600 | b87f637f860769a0f1f3c255ce8c17dc | False | 0.9991136098130841 | data | 7.999672424966953 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc | 0x152000 | 0x5b6 | 0x600 | cd52797ea10c7586978265479e5544a2 | False | 0.4205729166666667 | data | 4.135479694976285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0x154000 | 0xc | 0x200 | dbe011ab66da0ca05626c1df653fc774 | False | 0.041015625 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_VERSION | 0x1520a0 | 0x32c | data | | | 0.4273399014778325
                    RT_MANIFEST | 0x1523cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                    DLL | Import
                    mscoree.dll | _CorExeMain
                    No network behavior found

                    Target ID:1
                    Start time:07:10:15
                    Start date:21/10/2024
                    Path:C:\Users\user\Desktop\Ywhazhugqk.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\Ywhazhugqk.exe"
                    Imagebase:0x6b0000
                    File size:1'372'160 bytes
                    MD5 hash:BEA6E941101FB3363365814B7B6B3D39
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.1626321797.00000000055A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.1611726069.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:2
                    Start time:07:10:16
                    Start date:21/10/2024
                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Imagebase:0x190000
                    File size:42'064 bytes
                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:moderate
                    Has exited:false

                    Target ID:6
                    Start time:07:10:18
                    Start date:21/10/2024
                    Path:C:\Windows\SysWOW64\WerFault.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 1016
                    Imagebase:0x330000
                    File size:483'680 bytes
                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 4c0bf44f7799094731adc721a345e7f78cffda7d084c79de22c35246d3dd4bb4
                      • Instruction ID: 275b475b4f037bf74c8634a0d0bab8dee3c9fff77dccb6e00d759c195c964166
                      • Opcode Fuzzy Hash: 4c0bf44f7799094731adc721a345e7f78cffda7d084c79de22c35246d3dd4bb4
                      • Instruction Fuzzy Hash: A6E1F978E04218CFDB54EF68D954BADBBB2FB89304F1080AAE409A7758DB349D81CF51
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 738823756343ffa742b387b63ea72960eb4316bb8ef1c27262e7b19e413954df
                      • Instruction ID: 2ff37a483c38328ebb5c6f7b30bb08231327908a112359891b2b67e3fdad9074
                      • Opcode Fuzzy Hash: 738823756343ffa742b387b63ea72960eb4316bb8ef1c27262e7b19e413954df
                      • Instruction Fuzzy Hash: 9AC1C175A06218CFEB54DF64D944BADBBF2EB49308F108069E809A7389DB349D85CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: e6f23eab0b13bd0059acc7c048df8843efcafc55b5d09a9f7ceae57f28a4c102
                      • Instruction ID: 377166ae6675c5db10aec1e7c822178a874ae048f07070ed07f3105a60d732c4
                      • Opcode Fuzzy Hash: e6f23eab0b13bd0059acc7c048df8843efcafc55b5d09a9f7ceae57f28a4c102
                      • Instruction Fuzzy Hash: 6BC1C175A06218CFEB54DF64D944BAEBBF2BB49308F108069E849A7389DB349D85CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 33a1acd862f9d72e06e11134e53d3bbff5d83b982522d84da05df9880982eef5
                      • Instruction ID: 55c55ae36da933bed14aaf0518289c515ca2e65f5467cd2a247c8bf8e7c3a2ee
                      • Opcode Fuzzy Hash: 33a1acd862f9d72e06e11134e53d3bbff5d83b982522d84da05df9880982eef5
                      • Instruction Fuzzy Hash: DBC1A078A06218CFEB54DF64D984BADBBF2BB49708F108069E449A7785DB349D81CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: f1da57022d25cc14c76133394a420d4e669ecbe8312026d437ae2c70b55efdc5
                      • Instruction ID: c7c514412dc2d1b931e704ce59d87c99d5f6b79ef15116121b4d72e077fd06f5
                      • Opcode Fuzzy Hash: f1da57022d25cc14c76133394a420d4e669ecbe8312026d437ae2c70b55efdc5
                      • Instruction Fuzzy Hash: 12C1B278A06218CFEB54DF64D984BADBBF2FB49708F1080A9E449A7785DB349D81CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: a6f6536068b4a68026cbb5ba8665cfaefbe20d3094b1a8012e6fb2a8fa58a948
                      • Instruction ID: 570e444701046df7e183390638c432ea277169e9165f1c5411fb513b3149d4f4
                      • Opcode Fuzzy Hash: a6f6536068b4a68026cbb5ba8665cfaefbe20d3094b1a8012e6fb2a8fa58a948
                      • Instruction Fuzzy Hash: 4A510574E05218CFEB04DFA4C944BAEBBB2BB49304F048069D80AA7798D7745E85CF51
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 38b7693029ed6e1c6453e9e426a2105cc001850dad414fdb1679ea94b8a5cfb0
                      • Instruction ID: e096107950539a69d0bb2061c4bac63c2b8c75b54cf540d3dd1490a02741d3ef
                      • Opcode Fuzzy Hash: 38b7693029ed6e1c6453e9e426a2105cc001850dad414fdb1679ea94b8a5cfb0
                      • Instruction Fuzzy Hash: FD518E319093988FEB15DF29C854799BFB1EF86304F4580EAC488EB262D7345D89CF55
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 0a32712c147bf6a3c56d913d88dee838714fb9e5dd22429100cf43b1bb57ece8
                      • Instruction ID: 12128a2886f5ce6ac96c4b53a2f5fecacd0785c5e2b6ad8774d641b9f175825f
                      • Opcode Fuzzy Hash: 0a32712c147bf6a3c56d913d88dee838714fb9e5dd22429100cf43b1bb57ece8
                      • Instruction Fuzzy Hash: DA51B474E05218CFEB54DF68D984BADB7B2FB89304F1084A9D80EA7254DB349D86CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 26ed969863927fb3075c3d1cf1042640b4f4cdeebe7fa12db87e2531f632dc84
                      • Instruction ID: 04259827fe822f66b2a68775f67373de005b79353f08f23654dffe2d7343bb5b
                      • Opcode Fuzzy Hash: 26ed969863927fb3075c3d1cf1042640b4f4cdeebe7fa12db87e2531f632dc84
                      • Instruction Fuzzy Hash: 3D51C5B8E05218CFEB54DF68D994BADB7B2FB49308F1084A9D809A7344DB749D85CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 915f1387b64cbc206ff3c7fecc96015844fb45c0c6100e027a602a6fc41bf2a1
                      • Instruction ID: a08fc5cc65dd91f47f321b41cf4bac878815509078077cf065eacad1cad68980
                      • Opcode Fuzzy Hash: 915f1387b64cbc206ff3c7fecc96015844fb45c0c6100e027a602a6fc41bf2a1
                      • Instruction Fuzzy Hash: A8415875E05268CFEB14DF29D844799BBB2FB86304F4080EAC849E7255DB345E86CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: c8984e55f34327d485b8ed13d9825d3de76c08c78b2215a34a299337df8fb91b
                      • Instruction ID: f55e7a08b4302b6cac2f9d486ad6d465334de5dc3c96793162311dd089e0f75f
                      • Opcode Fuzzy Hash: c8984e55f34327d485b8ed13d9825d3de76c08c78b2215a34a299337df8fb91b
                      • Instruction Fuzzy Hash: 2A31AB3A909284CFEB11CF24D845BA9BFB1FB46305F4880D9D989D7246D7345A86EF21
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 2044159d7807d552a9c5b1c93e8a1501d37a683b240e52241deb6f20fd1a8699
                      • Instruction ID: dc3b9ad08fc27bf438a27d754b4f52781ade303c79746b1a419c890d535dbfe6
                      • Opcode Fuzzy Hash: 2044159d7807d552a9c5b1c93e8a1501d37a683b240e52241deb6f20fd1a8699
                      • Instruction Fuzzy Hash: 2B313876E05228CFEB24DF29C844BA9BBB6FB89304F4080A9C94DE7255DB345E85DF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 45804c33a3714a262120267cbc3a2c7955c45ef3a0b2814b8a12a3e0f69b1125
                      • Instruction ID: 17245ad7c7188dc0af8ad0fd3d1f3bccf3fd2ec9cd10aa74f7616e968b969e0d
                      • Opcode Fuzzy Hash: 45804c33a3714a262120267cbc3a2c7955c45ef3a0b2814b8a12a3e0f69b1125
                      • Instruction Fuzzy Hash: 18317CB4D01209DFEB48EFA8D08D7ADBBF4EB45304F2190A5D405A3385DB348A95CF61
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: a3319bed9073098a13e0932a1e9335d7bc450a893cce66107b2803fc7df1c1d8
                      • Instruction ID: 10e08f27bdc026ed747a4d99ce3939a99ee837d9ccf88aaa99e90d28fdeeb842
                      • Opcode Fuzzy Hash: a3319bed9073098a13e0932a1e9335d7bc450a893cce66107b2803fc7df1c1d8
                      • Instruction Fuzzy Hash: 0621F774D0820DCBDB18DFAAC8547EEBBF5FB89304F148425D925A3358DB7849448FA5
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 82dd17d5ff76ca3a7115ee77315d576634d568336e7c7667ddec4286c032d9cb
                      • Instruction ID: 1ad45f0de08f195f54b1a551bc07abcc389f3c2e462d13ef42b1fd74c8a1f111
                      • Opcode Fuzzy Hash: 82dd17d5ff76ca3a7115ee77315d576634d568336e7c7667ddec4286c032d9cb
                      • Instruction Fuzzy Hash: 65217775D0420DDBEB04EFA9D8407AEBBF6FB89304F148024E419A3384CB389E05CBA0
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 131d98c934a1ab6fe438ab8afaef93741415a3c7b4231ab116e4dc70daab8fbd
                      • Instruction ID: 6bef509ae5e4f3f2d431e10ccf55425c11de1ba5d140da53913d79014bfb1ea5
                      • Opcode Fuzzy Hash: 131d98c934a1ab6fe438ab8afaef93741415a3c7b4231ab116e4dc70daab8fbd
                      • Instruction Fuzzy Hash: E2315EB4D01209DFEB48EFA8C08C7ADBBF5EB85304F2190A5D005A7385EB748A94CF61
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 6217d6551dabb0edfafd340985c4771f6d6abd8c351f6bc96badabb1d76e6e05
                      • Instruction ID: 1ea34be31f04ffced77789ceb4ad9c3be745e16ef24b7ed719a0b639fe9557a2
                      • Opcode Fuzzy Hash: 6217d6551dabb0edfafd340985c4771f6d6abd8c351f6bc96badabb1d76e6e05
                      • Instruction Fuzzy Hash: 1E215375E0420DCBEB04DFA8D8446AEBBF6FB89304F108424E419A3384DB789E01CBA0
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: ca46e0828f1e7d661ce07a62b77ead3c743a4a9bb54c429bb340a66c888838d4
                      • Instruction ID: 0e582bed1f4ca0cf57a0611dbf6c8289bd4e9e05d47a75aeaf9cf17784db491f
                      • Opcode Fuzzy Hash: ca46e0828f1e7d661ce07a62b77ead3c743a4a9bb54c429bb340a66c888838d4
                      • Instruction Fuzzy Hash: 2C31A378A046698FCB68CF28C884AAEBBB5FF48305F1481E9D859A7351D734DE81CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 6e4406ba4758339469a60f6802492abde9d6cd5ce2aba470204fd1b74f0d1a3f
                      • Instruction ID: 4957f8f939fc88bf6dff85c3e39b758569fec8c2004731a72106f3a1f01af8a3
                      • Opcode Fuzzy Hash: 6e4406ba4758339469a60f6802492abde9d6cd5ce2aba470204fd1b74f0d1a3f
                      • Instruction Fuzzy Hash: CA213535A04218CFEB20DF24D848BA9BBB1FB45308F4540E9D94DE3282DB345E86DF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 30150f4885c21e64ff99f80e28eba65ee851e18f81d10c1cec93f1de580467b1
                      • Instruction ID: db5eb2d94d676204224d70e5a6d62d3cecb9d7efed683c81759e91e7e63ddfe8
                      • Opcode Fuzzy Hash: 30150f4885c21e64ff99f80e28eba65ee851e18f81d10c1cec93f1de580467b1
                      • Instruction Fuzzy Hash: 88212A749002A8CFCB60DF28D949B9EB7B1EB48319F1048E5A919A7395DBB08E85DF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 9eca6ab276b91af56af7b9205741f604947a63ad05965a66fd417fad3556d6b1
                      • Instruction ID: c0c465f9c2ebb38250a5c8b2e3f7745778ec374992d9621593d34cdc3c51cc15
                      • Opcode Fuzzy Hash: 9eca6ab276b91af56af7b9205741f604947a63ad05965a66fd417fad3556d6b1
                      • Instruction Fuzzy Hash: 892139B8E05218CFDB25EF24D954B99BBB2FB49304F0041E9D849A3348CA749E81CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: e412e088db7f3c97b9046b61463198c7696893100625424cc9ce42c76ddfce14
                      • Instruction ID: d9ef5cb4e98c5a664ad3a595503267b85c96505e821556ccfdaef4ecb4683f5a
                      • Opcode Fuzzy Hash: e412e088db7f3c97b9046b61463198c7696893100625424cc9ce42c76ddfce14
                      • Instruction Fuzzy Hash: 9921B478A05258CFDB54EF64D984BADB7B2EB88304F1085A9880EA7754DB305E82CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: ee11c7b0e0cd5073a0caae2a0a89c06e64608e6ba16b4fb344cbbb2e20a12187
                      • Instruction ID: 60ed49bef48d1b3757fca6332e0c1bf90c80e787f02158bd07d8520fa05523fb
                      • Opcode Fuzzy Hash: ee11c7b0e0cd5073a0caae2a0a89c06e64608e6ba16b4fb344cbbb2e20a12187
                      • Instruction Fuzzy Hash: 30110774A05218CFEB21DF28D944BA9BBB1FB45308F1080E9D80DA3384D7359E82DF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: <
                      • API String ID: 0-4251816714
                      • Opcode ID: 57ce50022570bf7150030cb8af51ba54675be71d70bff64339c5a21598299122
                      • Instruction ID: 6172a1f1c29886dffa3a865300b99bab8220df3191a6c482f204cb334d8cfd64
                      • Opcode Fuzzy Hash: 57ce50022570bf7150030cb8af51ba54675be71d70bff64339c5a21598299122
                      • Instruction Fuzzy Hash: 3611EE78902268CFEB60DF58C949B9DBBF1BB09305F0089D9E90EA7250C7745E80CF04
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: )
                      • API String ID: 0-2427484129
                      • Opcode ID: d0c78a53b9a317e46cc18b4ea2efe0ee72d6417bae36df5cb51bf4e3ffebad9c
                      • Instruction ID: 4e5254670a6fe0d7ef5494f5c9423b6a99f26709e0c8d204cb9f8ec551baf790
                      • Opcode Fuzzy Hash: d0c78a53b9a317e46cc18b4ea2efe0ee72d6417bae36df5cb51bf4e3ffebad9c
                      • Instruction Fuzzy Hash: C111A278D05228DFEB61DF64C994BEDBBB2BB49304F5486D9D809A7250DB329E81CF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 3b16b99df65785ba056dd3b753b0c44370b54382bbf0ffb3bbaf892abe8cae68
                      • Instruction ID: 5fe1c38c76b682ff086684b80046b19c616aa576ac648a964c6c0ea539cf2ac1
                      • Opcode Fuzzy Hash: 3b16b99df65785ba056dd3b753b0c44370b54382bbf0ffb3bbaf892abe8cae68
                      • Instruction Fuzzy Hash: 8A118B74900214CFCB55EF28C889A9AB7FAFB49304F1440E9E4199778ADB309E84CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 1fe15bed32ae860ac90fc195985f3fa330ee3645b91b8e73dfe0aeb05d8a16d5
                      • Instruction ID: 884b1f31a3d3a216984b16d762b90151db149a7f1491be31a47fb815b3160f78
                      • Opcode Fuzzy Hash: 1fe15bed32ae860ac90fc195985f3fa330ee3645b91b8e73dfe0aeb05d8a16d5
                      • Instruction Fuzzy Hash: 54011078D00218CFEBA8CF29C884B99BBF1BB4A304F1480A5D44CAB299D7B09995CF40
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 8aefa0426ea03df2bab8a49bd470fe422f984b8cc37a7bdbad442c1726ead06a
                      • Instruction ID: d2a5c65439ff7b986ba6717980fcb9706debc064286f6cf7d610b4a8ad7a28af
                      • Opcode Fuzzy Hash: 8aefa0426ea03df2bab8a49bd470fe422f984b8cc37a7bdbad442c1726ead06a
                      • Instruction Fuzzy Hash: 4611FA78E002188FCB54EF24D8895D9B7B5FB49344F5441D5E80D97345CB719E81CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 0274f35dc81e3776311959b3ca673659e76fc275064899ac76deb85ce4463d75
                      • Instruction ID: 12c9b74385c268ed9983bd7987c3b3132a0494ffd3dfb88841ff8c287d7a9c70
                      • Opcode Fuzzy Hash: 0274f35dc81e3776311959b3ca673659e76fc275064899ac76deb85ce4463d75
                      • Instruction Fuzzy Hash: B101B2B4901218CFEBA4DF58DD54F9AB7F9BB09304F0041E5E50DA7280C6749A95CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 5a42f71f1d9caf5296473fa350e93d3f58a71a6b7300b1abe6e3c389657647a9
                      • Instruction ID: 2284f304262f285acb6cc5593e69a66a4b269a69cf0013183ca68b692d11402b
                      • Opcode Fuzzy Hash: 5a42f71f1d9caf5296473fa350e93d3f58a71a6b7300b1abe6e3c389657647a9
                      • Instruction Fuzzy Hash: E1F03A74A00219CFDB68EF24C989E9AB7B5FB48305F1040E4E51D97788CB349E81DF60
                      Strings
                      Memory Dump Source
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d434f48b49eb476dd74d167ba8f6b15b67049d4574adbb73634bcdb5a4cd8e98
                      • Instruction ID: bceeaea7e431cc0cd347c5def5eb370ba07effaf171db60f567001f7b137c68d
                      • Opcode Fuzzy Hash: d434f48b49eb476dd74d167ba8f6b15b67049d4574adbb73634bcdb5a4cd8e98
                      • Instruction Fuzzy Hash: B5E0DF7AC0824CAFC740EFF8C8053AD7FB4EB05200F2001B88C09E3340E6318E408780
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f4f355e8b9d7e5907251e8cf2bcc376cae721ff85b2173606fa2ee6ded9fe0dc
                      • Instruction ID: 2f717dd026403191b33bb19c52fe44d1e1113479b1f59efb3b71ef84c5a6301b
                      • Opcode Fuzzy Hash: f4f355e8b9d7e5907251e8cf2bcc376cae721ff85b2173606fa2ee6ded9fe0dc
                      • Instruction Fuzzy Hash: 55E0D83580C148EBE704DB95D8413BCBBB5EB46205F644099CC05D23D1D6359D02C780
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 496482e4f8e3092494e4293cf76b2531d2abcb74e8f98e1f93e8dfba057243dd
                      • Instruction ID: 01321b2fe4f6b23236b3a95e08d3a51cc26dd17da34b22953a6f58169a4f84de
                      • Opcode Fuzzy Hash: 496482e4f8e3092494e4293cf76b2531d2abcb74e8f98e1f93e8dfba057243dd
                      • Instruction Fuzzy Hash: 50E0D835808188EBE308DB54C4413B8BBB5EB46205F6481D8C885E7352C63B9D0AD750
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: da13a044201284986a1fc0b171b211893b28d028737f23056d8c2fb60cc21e97
                      • Instruction ID: 3bd620727b9e3969e601a2110c4715deac3e2a8d92e29c53ca3e35fc06d23074
                      • Opcode Fuzzy Hash: da13a044201284986a1fc0b171b211893b28d028737f23056d8c2fb60cc21e97
                      • Instruction Fuzzy Hash: D0F09278B022189FEB60DF58DA91BDDBBB1BF4A304F1084D9A949AB344C7716E81CF41
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0e522294d79c6d3978ae1862e798799de30900f891908a8f58ad633d7ef70b2d
                      • Instruction ID: f6c63d3d056190555c0460b831ffd347646fd628f86709a5f762317a31b8bbd8
                      • Opcode Fuzzy Hash: 0e522294d79c6d3978ae1862e798799de30900f891908a8f58ad633d7ef70b2d
                      • Instruction Fuzzy Hash: 52E0923424C3808FC3469B68D8649103FB0BF8A22431641EAD889CF777DA248C45CB62
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 892f8aa6d0840865709d809e062cf627cc4eb46d1943aeb62a7432338125a92e
                      • Instruction ID: b19fd3819f815f5e273b74a8e283a2054f13897ccc6803bd663f52212e3b4c53
                      • Opcode Fuzzy Hash: 892f8aa6d0840865709d809e062cf627cc4eb46d1943aeb62a7432338125a92e
                      • Instruction Fuzzy Hash: 31E09238200304CFD705FB6DE520B5973E5EB8D654B404064E11D9B765DB61DD41CFD1
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85c6dcd0673f7789d76f75b4958c8e8e988cc0cf144e85e00682e911ce51d4bd
                      • Instruction ID: 1aec5a3e7b9dad7061eefa7772931a6b16cf19198cbf2b4b8832d95b4e50b3dc
                      • Opcode Fuzzy Hash: 85c6dcd0673f7789d76f75b4958c8e8e988cc0cf144e85e00682e911ce51d4bd
                      • Instruction Fuzzy Hash: E9F0A574D04248EFCB84DFA8D840AADBBF5EB49300F10C1AA981893350D7359A51DF81
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8df7fe3bd779893ac42e6bff61d4df62a0ed3a3bf56fb6852216dd988b350b53
                      • Instruction ID: ab419fbcb4991ce17229def789987aeb2f2b99a0dbb1f65c623b1c5c1f1c08cd
                      • Opcode Fuzzy Hash: 8df7fe3bd779893ac42e6bff61d4df62a0ed3a3bf56fb6852216dd988b350b53
                      • Instruction Fuzzy Hash: D5F01575904208FFCF44CF94D840AACBBB5FB49310F10849AED09A3360C7329A61EF80
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: adbae99b33ce8147475d67eb565700b73c08f5c9f3a6a4f28f6209a3fb25e6b2
                      • Instruction ID: 688f9121cf143e92366b50b7ee257bf51b6b82658b9b80242b6fdaf1597ef6d4
                      • Opcode Fuzzy Hash: adbae99b33ce8147475d67eb565700b73c08f5c9f3a6a4f28f6209a3fb25e6b2
                      • Instruction Fuzzy Hash: 47E0DF75808208EBCB04CFD0E5817ACFBB4EB86308F208198C80957350D7314E07CB80
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7637a3ec3f2e0af5eb0c65831938aec015eb5f41583edb94b105a2ae376e85ae
                      • Instruction ID: 07e0327bc9da15f2a57e70cd4ec4b95f4bdb0f87aa847b621672128b83337bd6
                      • Opcode Fuzzy Hash: 7637a3ec3f2e0af5eb0c65831938aec015eb5f41583edb94b105a2ae376e85ae
                      • Instruction Fuzzy Hash: CDE08C72508248ABE704DB64D985765B779EB42208F28519CAD09A7361CA37AD02C785
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: afe574be3a4269b38bba78009569c66b63805a3e641de03ef814f674da33f84f
                      • Instruction ID: d073693e7e03b60efab39069260be697586e8a476867a0c2e0da98db35bb5afd
                      • Opcode Fuzzy Hash: afe574be3a4269b38bba78009569c66b63805a3e641de03ef814f674da33f84f
                      • Instruction Fuzzy Hash: 96E09220909248EFE704EB78E9087687BB9C743305F140498C019D33A1C7719D408326
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0ec8d53e666ed2eb036ee46abc183a0cb72cb54fdbf77226779159c4bfc22901
                      • Instruction ID: 2e242a9e58ef3e20f688f0958520d478cdcaabd127e459aea935bddfb6aad67d
                      • Opcode Fuzzy Hash: 0ec8d53e666ed2eb036ee46abc183a0cb72cb54fdbf77226779159c4bfc22901
                      • Instruction Fuzzy Hash: 0BF01534904248FFCB44CF94D840AACFBB5EB49200F108499A81853391D6729A61EB90
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4dfb9c7821c5193d1a3ac2805e8ae8a47148cc336e7cc708a8f880dadf004e9
                      • Instruction ID: 56db1248753f94cdaea295c8fff805603f870d6b350d6debea701273592bd298
                      • Opcode Fuzzy Hash: a4dfb9c7821c5193d1a3ac2805e8ae8a47148cc336e7cc708a8f880dadf004e9
                      • Instruction Fuzzy Hash: 03E0D83490D384AFCB04DFA0D8429BDBB78EB86304F2445DDC889673A5C6716F06CB91
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction ID: 54ec58db2bc01d9b978c63adf93778fa19c766278478e96cb0f912adb2cd611a
                      • Opcode Fuzzy Hash: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction Fuzzy Hash: 8AE0C975D05208EFCB44DFA8D8406ACFBF5EB89304F14C1A99C09D3354D6369A52DF44
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction ID: a52500e86e6525a311f759b3b3814095feff982dff654b6ee1106a36409b4bd4
                      • Opcode Fuzzy Hash: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction Fuzzy Hash: B0E0ED74D05208EFCB44DFA8D4406ACFBF5EB49300F14C5A99C1993355D6399A52EF44
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction ID: 58569b3e2c4e6fd7200deb074121b24503c13dd3e21dc8654f4db0d8d05ee317
                      • Opcode Fuzzy Hash: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction Fuzzy Hash: 56E0ED74E44208EFCB54DFA8D4406ADFBF5FB49304F14C1A99809D3350D6359A51DF44
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction ID: 9b99c7cee747a999f035a518264429a41292179004fb8e162abf7f49a146a2d4
                      • Opcode Fuzzy Hash: 220b23741180257575c399bac867b3068b8b59177867a1c4ff80467631ed9fbd
                      • Instruction Fuzzy Hash: 19E0ED74D04308EFCB44DFA8D9406ACFBF5FB49310F14C5A99859A3390D6359A51EF44
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1a818ad680b36de4a73f58dd5bfc810e8d6cd55ec46c5e678a41f20f75ec04ac
                      • Instruction ID: 83c7bfb44e88d895fe50ac34bde00c36ba41a08fa4b00c572211c28dd38c6120
                      • Opcode Fuzzy Hash: 1a818ad680b36de4a73f58dd5bfc810e8d6cd55ec46c5e678a41f20f75ec04ac
                      • Instruction Fuzzy Hash: 34E0E574E04208EFCB44EFA8D9456ACBBF4EB89304F20C5AA8819D3350D6369E42DF40
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1a818ad680b36de4a73f58dd5bfc810e8d6cd55ec46c5e678a41f20f75ec04ac
                      • Instruction ID: 766130a9b43abb8a3e65e483b32d78957c9a22cde6a40613e3bc2bf6daeda8e8
                      • Opcode Fuzzy Hash: 1a818ad680b36de4a73f58dd5bfc810e8d6cd55ec46c5e678a41f20f75ec04ac
                      • Instruction Fuzzy Hash: 20E0E574E08208EFDB44DFA8D4406ACBBF8EB89204F20C5A9C819D3350E6359E42CF40
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1e743c9a97e39cbba3dd50e8f34a112550348d97a187857a5312732bd0dd552
                      • Instruction ID: b4e601b9442c141512b3cd4cec5bbe883eb0dd99553e7e3348c14f4534a452ed
                      • Opcode Fuzzy Hash: c1e743c9a97e39cbba3dd50e8f34a112550348d97a187857a5312732bd0dd552
                      • Instruction Fuzzy Hash: 6CF07F789002588FCBA4DF54C990A9DBBB5BF48304F5485DA880EA7351DB71AF82CF15
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c20263fc26cfe724e88deb5599966a2b4b42310567578dad5bf3a558239597e0
                      • Instruction ID: e96b5db5b36dcec362ccff3a1c046bf3ed59117db3a9da4743a98421b1146f8d
                      • Opcode Fuzzy Hash: c20263fc26cfe724e88deb5599966a2b4b42310567578dad5bf3a558239597e0
                      • Instruction Fuzzy Hash: F8E01A74D04258EFCB54DF94D841AACFBB8FB89300F20C1AADC5453351D6359A51DF95
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c20263fc26cfe724e88deb5599966a2b4b42310567578dad5bf3a558239597e0
                      • Instruction ID: 5c0b5d92c49f8ad684d7952b3b82edc79c9725d3a3c3a32657438bbce9457ef8
                      • Opcode Fuzzy Hash: c20263fc26cfe724e88deb5599966a2b4b42310567578dad5bf3a558239597e0
                      • Instruction Fuzzy Hash: 9EE01A74D08248EFCB54DF94D850AACFBB4EB89300F20C1AADC4453351C6359A51EF98
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4750bfa612eb73ac5ff2640dec141a578eb3cdcd5f6be3a10eb9e3c4a2feb14a
                      • Instruction ID: 49112400c6e1adf2adad49e891b7c59e2cf2b8690bf37a9b381c3e3905914937
                      • Opcode Fuzzy Hash: 4750bfa612eb73ac5ff2640dec141a578eb3cdcd5f6be3a10eb9e3c4a2feb14a
                      • Instruction Fuzzy Hash: F1E08635908208EBCB04DF94E840A6CFB79EB85305F2081A9DC4553351C7315E51DB94
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7a4e93759dbb959406e9167aa1242ae9fa8f27b8d995c0710a80b368ebd94c81
                      • Instruction ID: e779ec2f53c476d1cea4d2b57d1bde19551af01b35b38566308fbc03890c3c15
                      • Opcode Fuzzy Hash: 7a4e93759dbb959406e9167aa1242ae9fa8f27b8d995c0710a80b368ebd94c81
                      • Instruction Fuzzy Hash: 7CE04F34D0924CEFCB04DF94D5406ACFBB8EB89214F24C1E9C84953391C6355A42DB44
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ff1427c799ceab7d01e9d897d78a3077872e9f16ed04269d32af8c412918ad37
                      • Instruction ID: c1ea76a0f2decc3ba86ce347f71ba29236c7aeb87f418cb7d5a00091cae4011b
                      • Opcode Fuzzy Hash: ff1427c799ceab7d01e9d897d78a3077872e9f16ed04269d32af8c412918ad37
                      • Instruction Fuzzy Hash: 83E08C3484524CAFCB40DFB894443ACBBB8AB05201F2001B88809D3250E6304E808740
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction ID: c1d2148262a390140b81da9f69142d63c0aaa91fcbdfd076810cfdb4eee36316
                      • Opcode Fuzzy Hash: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction Fuzzy Hash: 14E01275908208EBD704DF94E94166CBBB9EB86308F208199DC0967351C6729E52DB95
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction ID: 0144cfcea475b81172e6103588e2637f337b14bc32901688bf837fc1b8f55c3e
                      • Opcode Fuzzy Hash: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction Fuzzy Hash: 4EE0C234D08208EBC704DF94E8406ACBBB8EB86308F248198CC0953354D6315E42CB84
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction ID: 48d4b9cfd59ecc43bc9ffbf305c6d47c470f074e6d514b8536c9c935c523e58a
                      • Opcode Fuzzy Hash: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction Fuzzy Hash: 76E0C23490820CEBD704DFA8E84166CBBB9EB86305F208198CC0957350CB315E52CB84
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction ID: 8c4cf5b232125ef18d560d1cb9cc9000cfafb0fa54dbeb3888c310b78ce09b2a
                      • Opcode Fuzzy Hash: cf87541709c61a45da6f880e09efdfd20c608f57ef9433e9f7556e21c5413279
                      • Instruction Fuzzy Hash: 13E0C234E0820CFBDB04DF94E84066CBBB8FB86308F2481A8CC0953354D6316E42CB84
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e117dd6a3b05ccd2e81837360b40cb518753bec6cd0ea85e8c7239f334ca835
                      • Instruction ID: c729b6b93ddbd54e2c67ba1c531a4136f976ad341cb74355653402963d744c8e
                      • Opcode Fuzzy Hash: 3e117dd6a3b05ccd2e81837360b40cb518753bec6cd0ea85e8c7239f334ca835
                      • Instruction Fuzzy Hash: 8EE0C2B180020CEFD700EFF4D408B5E7BF8EB46204F1005A5C509A3220EF714E14DB9A
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 980f04436bde2bf67f3e55cf0e5efa5b31b599a42cbb7c576c7a06507ccbabe9
                      • Instruction ID: af72a58f860388bc097150503cbbac070ab3ed53f2f013b31c1320db30b6884c
                      • Opcode Fuzzy Hash: 980f04436bde2bf67f3e55cf0e5efa5b31b599a42cbb7c576c7a06507ccbabe9
                      • Instruction Fuzzy Hash: 56E012B8908608EBCB58DF94E9416ACBBB8FB86304F208699C80967391C7715E52DB95
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 980f04436bde2bf67f3e55cf0e5efa5b31b599a42cbb7c576c7a06507ccbabe9
                      • Instruction ID: c67765497c76cd936409c7886278274dc4dff16c016642486458a490e558681e
                      • Opcode Fuzzy Hash: 980f04436bde2bf67f3e55cf0e5efa5b31b599a42cbb7c576c7a06507ccbabe9
                      • Instruction Fuzzy Hash: A6E01234908208EBCB48DF94E94166CBBBDFB8A304F20869DC80957355CA715E52DF95
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 980f04436bde2bf67f3e55cf0e5efa5b31b599a42cbb7c576c7a06507ccbabe9
                      • Instruction ID: 13cf349a84b2c95075e9e0b041eba08176439e9c8f48b142b5671b97eefdac9b
                      • Opcode Fuzzy Hash: 980f04436bde2bf67f3e55cf0e5efa5b31b599a42cbb7c576c7a06507ccbabe9
                      • Instruction Fuzzy Hash: 12E0C234908248EBCB08DFE4E84167CBBBCFB86304F2085ACC80823354CB315E42CB94
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d03321f59492c48d1098af0712d23022f027735b2a557c1d4190060e99127dcd
                      • Instruction ID: 625bf895d0b594c62db7d3c1083648570413530b8ab848295260fe6bdc66d6c8
                      • Opcode Fuzzy Hash: d03321f59492c48d1098af0712d23022f027735b2a557c1d4190060e99127dcd
                      • Instruction Fuzzy Hash: 32E0C271800308EBC700EBF0D80475E73B89B45104F5004A98409A3260FA720A109BAA
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f6ca7268ba2886ad9e32baa289dc153822b4fabafdb634215e3e51fb43cb8729
                      • Instruction ID: 1e2e76685e6fa7f307cb3ca9b52805f0960ff1f238a53db0d1a1ca4c1d4c1464
                      • Opcode Fuzzy Hash: f6ca7268ba2886ad9e32baa289dc153822b4fabafdb634215e3e51fb43cb8729
                      • Instruction Fuzzy Hash: D9E0C234E08218EBC704DF94E8416ACBBBCFB87304F2495ACC80913390CA315E42DB85
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bc0886b2bd3eacffdf38ab3ef853744545e6074d3888a5cf903f4d93378cc324
                      • Instruction ID: 647ed622eeecb45f39f3b00ef213e8887f50a9fee1f6c94d12fd4b4875453a61
                      • Opcode Fuzzy Hash: bc0886b2bd3eacffdf38ab3ef853744545e6074d3888a5cf903f4d93378cc324
                      • Instruction Fuzzy Hash: 40D0C93401978CAFD74617AA9C185243F78EE4B2A934904E2E8C5CB172CE649E4587A2
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 77f6688a49da3feb91192932b8b6d3ce462491712c3b4405f0e2465ece6bf4d8
                      • Instruction ID: 52114e276ce3655e8db3c2aac7bea1a512b9ed3250f7b35b1b8569b7ade1467d
                      • Opcode Fuzzy Hash: 77f6688a49da3feb91192932b8b6d3ce462491712c3b4405f0e2465ece6bf4d8
                      • Instruction Fuzzy Hash: 20D0A774508249EBC708CB98E940F79B7BCEB47204F20449C8D1953391CB729D52C795
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: efd2572b10e05a4e092758f1a6a071c9cb2625b38ecdde3a4cc2d13a45a7ee1a
                      • Instruction ID: 0291c820b5d7588c2c802c383f6cdd78eb173ebccb3627f2dace405589b4d79c
                      • Opcode Fuzzy Hash: efd2572b10e05a4e092758f1a6a071c9cb2625b38ecdde3a4cc2d13a45a7ee1a
                      • Instruction Fuzzy Hash: 05D022A34C470DA3F1180354ED0D37633ACC313215F811C40C208462A1CF648841E52A
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5842fb892cbcc7637bdc563f67b0fcba39b0049bd8226ed99115c0b8b2f3b1c5
                      • Instruction ID: bc109ff7c8ac4018663915ca582adc04fe960dcb244a674128725f6c36604fb3
                      • Opcode Fuzzy Hash: 5842fb892cbcc7637bdc563f67b0fcba39b0049bd8226ed99115c0b8b2f3b1c5
                      • Instruction Fuzzy Hash: 5FE02D79808229CFDB11DF20D948BEABBB1BB08359F0486D58409A3290D3759A86CF01
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b841dd9ca7191619a859faefbc6e6e221e2abc73fe7d03ae09cad6fd6d0b5682
                      • Instruction ID: d6137d5f3130be54cacb4f013901c6549d24d41db97d0656e3d1cda811cc74eb
                      • Opcode Fuzzy Hash: b841dd9ca7191619a859faefbc6e6e221e2abc73fe7d03ae09cad6fd6d0b5682
                      • Instruction Fuzzy Hash: B3C02B3104E74BC7C1141380B54C374379CDB03205F643C004B1E010F14ABC0860D279
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43ca31372f8bc99644bc2887a34d894cf8a662eafc1cf67e27b0f592affe8e97
                      • Instruction ID: 0d9b487ea3f9872b86f3da80aceb51f8d5728eda5d229d90ad57f98b30118500
                      • Opcode Fuzzy Hash: 43ca31372f8bc99644bc2887a34d894cf8a662eafc1cf67e27b0f592affe8e97
                      • Instruction Fuzzy Hash: 20C08C3200074A9BE2043BE5FA0C7A877A8DB02206F000110E20D421B0CBB98890CE3E
                      Memory Dump Source
                      • Source File: 00000001.00000002.1611251752.0000000001170000.00000040.00000800.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_1170000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2cec2b421496780aba29d70d5555cd4a1a3aecbe4f986edc9e7d20102ea881a8
                      • Instruction ID: 78532f9a1510dd8cc2420a0e37ed0bfbf33e231eba66fbd216f616e4c3c4e196
                      • Opcode Fuzzy Hash: 2cec2b421496780aba29d70d5555cd4a1a3aecbe4f986edc9e7d20102ea881a8
                      • Instruction Fuzzy Hash: 9CC04865A4D3C04FEF868BA89919B893F609F87325F0A00CAD180AF0A2D6A88504C733
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 9cea6d4181168f316adf3e4f171e07c9e603e62d984838f72f65a971fd7074df
                      • Instruction ID: 64bddf488bdc92a5b4700becce30834096e966557108f9d96d999eb849619f0e
                      • Opcode Fuzzy Hash: 9cea6d4181168f316adf3e4f171e07c9e603e62d984838f72f65a971fd7074df
                      • Instruction Fuzzy Hash: FB02F378A01218CFEB54EF68D984BAAB7F2FB49304F1080A9D40DA7795DB749D85CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 130ab08d3076b063acd3e716a7aad5063083c4af19b9a5134ae619fc115e996a
                      • Instruction ID: ef34221dec6a025da3feff11d0d60e710a0344c929d5432f35183f2576c1201b
                      • Opcode Fuzzy Hash: 130ab08d3076b063acd3e716a7aad5063083c4af19b9a5134ae619fc115e996a
                      • Instruction Fuzzy Hash: ADA12B78E05218CFDB58DF68D494BAEB7F6FB89304F1080A9D409A7398DB349A45CF61
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 844e0d41525a9b87b56a41a898b9c010e773730dc87f8c8cdc8e2ba763bfa940
                      • Instruction ID: 199b2ffc679443e33865874819a943a5e86fff9ffb2e89d907c1f72b6cb1624c
                      • Opcode Fuzzy Hash: 844e0d41525a9b87b56a41a898b9c010e773730dc87f8c8cdc8e2ba763bfa940
                      • Instruction Fuzzy Hash: 3BA14A78E04218CFDB48EF68D494B9EB7F6FB89304F1080A9D409A7398DB349A45CF61
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 89cf15b4a8611bb1373e5db0f94b650d4c8ad94e584cfe0ed1e2fc86c3f46cb4
                      • Instruction ID: adc4d0d729b34e9c3afeeae594c8e92adf26d2f8958bf72397f9c94a753781b6
                      • Opcode Fuzzy Hash: 89cf15b4a8611bb1373e5db0f94b650d4c8ad94e584cfe0ed1e2fc86c3f46cb4
                      • Instruction Fuzzy Hash: 3DA11978E04218CFDB58EF68D594B9EB7F6FB89304F5080A9D409A7398DB349A45CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627483536.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_58a0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 236e2624246aa102f0c629093fb49328c70ff3b1ef854e84e96b78506d9b6eb1
                      • Instruction ID: e0f7da46a568e66c5cd4428bb765a05aad29aa071adb55549ceccf011b670fdb
                      • Opcode Fuzzy Hash: 236e2624246aa102f0c629093fb49328c70ff3b1ef854e84e96b78506d9b6eb1
                      • Instruction Fuzzy Hash: 07A12C79A05258CFEB54DFA8C484BADBBF2FB49304F1480A9D50AAB395DB349D85CF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: e2d74d0abc0961b272fc1c08b2d49e3c4d43fda69fca00f537d68ff66ed71a64
                      • Instruction ID: 5cec9b9f094a989936a0d22ecec4935a9079c4ac009dffab3ef68f4784e4fd54
                      • Opcode Fuzzy Hash: e2d74d0abc0961b272fc1c08b2d49e3c4d43fda69fca00f537d68ff66ed71a64
                      • Instruction Fuzzy Hash: 6CA11978A05218CFDB58EF68D594B9EB7F5FB49304F5080A9D409A7398CB349E45CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 05e852766e97abc82897a138cc753f00a5ecbe76da93df66cfc7a998d776590a
                      • Instruction ID: 9b8d149ea6e109088fe6e5f706aa5afe09ea8a8038f7608941fbb5b3fed69a8f
                      • Opcode Fuzzy Hash: 05e852766e97abc82897a138cc753f00a5ecbe76da93df66cfc7a998d776590a
                      • Instruction Fuzzy Hash: BF911A78E05218CFDB48EF68D494B9EB7F6FB49304F5480A9D409AB398CB349A45CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: bccc57c0f841c894e90222fe7bc7903621fa291fb04629696de6db54fb51c36d
                      • Instruction ID: 6fbc718b18cd5e3605528d3e9df67981ffd0b2166447fec8c4cbbb4b7a907c51
                      • Opcode Fuzzy Hash: bccc57c0f841c894e90222fe7bc7903621fa291fb04629696de6db54fb51c36d
                      • Instruction Fuzzy Hash: 2A914C38A05218CFDB48EF68D494B9EB7F5FB49304F1080A9D40AAB399CB349E45CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: e44dd56015e86951e906c607be6dbfa62b95e5fc9d51edeb5461a36f135f8865
                      • Instruction ID: bda8560477b37f574f334e7505e9687e191e3e13ead61dad4b44f89e55c6df22
                      • Opcode Fuzzy Hash: e44dd56015e86951e906c607be6dbfa62b95e5fc9d51edeb5461a36f135f8865
                      • Instruction Fuzzy Hash: BE911978A05218CFDB48EF68D594B9EB7F6FB49304F5080A9D409AB398DB349A45CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.1628414535.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_65e0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID: 6
                      • API String ID: 0-3392940323
                      • Opcode ID: 4c229d708d3a6bb77c318dad23381118138f1c984c0312542f448ad45501aa48
                      • Instruction ID: 802e55b21894587c764464bd4edc6e46edc6aca10caff5dafdbec2fd4a6b15cb
                      • Opcode Fuzzy Hash: 4c229d708d3a6bb77c318dad23381118138f1c984c0312542f448ad45501aa48
                      • Instruction Fuzzy Hash: 4E911978A05218CFDB48EF68D594B9EB7F6FB89304F5080A9D409A7398DB349E45CF60
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 938d2c0b35b686349167088749be490015903631d5fb79fae2a96e39c39f26b2
                      • Instruction ID: 4bda88aad6306d6969a170c92e51e4bfb751162ebe37b82ba9899ed8cce48c7d
                      • Opcode Fuzzy Hash: 938d2c0b35b686349167088749be490015903631d5fb79fae2a96e39c39f26b2
                      • Instruction Fuzzy Hash: 3D312C71D046588BEB29CF2B8C4838ABBF7AFC5300F14D1FAD44DA6225EB700A858F11
                      Memory Dump Source
                      • Source File: 00000001.00000002.1627763060.0000000005EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_5ef0000_Ywhazhugqk.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6e1d289ef8d9232dac7da8f1e5149b0b86805c7913b3865a1b8859b4bc195504
                      • Instruction ID: c2e3c11b6bcb0f66653c5078a62614652ba16b9b46c15e182a59440a2f8bb4d7
                      • Opcode Fuzzy Hash: 6e1d289ef8d9232dac7da8f1e5149b0b86805c7913b3865a1b8859b4bc195504
                      • Instruction Fuzzy Hash: DD21EA71D056288BEB28CF6BDC4879AF6F7AFC8300F54D1BAD51DA6215EB700A858F01
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID: 12-3
                      • API String ID: 0-3519433439
                      • Opcode ID: 5c5b370182a6caf103a4285ca9798e8af3cd16817690da5ee87c9f41cbcaf68a
                      • Instruction ID: 77577f0ee0422877c6db10242617755ec1ed8ce5145c28eced9580ad2bb444ab
                      • Opcode Fuzzy Hash: 5c5b370182a6caf103a4285ca9798e8af3cd16817690da5ee87c9f41cbcaf68a
                      • Instruction Fuzzy Hash: 0862EB715589D54FEB0A8B6884977EAFFF1EF5232471D80DEC4C49B283D62A9847CB80
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a64eb6d8203715a4a79f7ee8664f96e1e65fcb941bbd287b1d0be7fb74662b5
                      • Instruction ID: f22ba890153e39538b947160782713904d4bbb3fff445fffa0b66320e5086ad4
                      • Opcode Fuzzy Hash: 8a64eb6d8203715a4a79f7ee8664f96e1e65fcb941bbd287b1d0be7fb74662b5
                      • Instruction Fuzzy Hash: C5917938A00104DFDF54DF64D488BAA7BB3FB89311F2484A6D4069B369CB75AC96CF60
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0cd7ff8b0aeab24db83a1a292598236f79fdb30027dd60d36cf9fe4175d7f84e
                      • Instruction ID: d591d25199256fce6a6faec86fd8f6620729da7f1b46f3824ac6803697215489
                      • Opcode Fuzzy Hash: 0cd7ff8b0aeab24db83a1a292598236f79fdb30027dd60d36cf9fe4175d7f84e
                      • Instruction Fuzzy Hash: 3C916838A01104DFDF54DF68D588BAA7BB3FB89311F2484A6D4029B369CB75AC91CF60
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID: Dq
                      • API String ID: 0-144822681
                      • Opcode ID: 25c37135926aeffb0db633a9c4649aa8056d12ff54a7a58fcd699b2a8132c4e9
                      • Instruction ID: 33e5ec5ae960d6be29ece64c2f88b1645e71b9d5b55f86dff37984d36d17f6f0
                      • Opcode Fuzzy Hash: 25c37135926aeffb0db633a9c4649aa8056d12ff54a7a58fcd699b2a8132c4e9
                      • Instruction Fuzzy Hash: 3632C530288AC05FEB1A9B24D4A66E6BFB5EF5633071941DED4C45B2A7CE2DD847CB40
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID: Dq
                      • API String ID: 0-144822681
                      • Opcode ID: b8878d6176fa36e7393e1a5d128960af4a692c1bb60c5e7c0dc33674767bcfd2
                      • Instruction ID: 1b82a86aa8f1694c66b514a909f83900dc9eb93488493cf2c887ff55ac54daae
                      • Opcode Fuzzy Hash: b8878d6176fa36e7393e1a5d128960af4a692c1bb60c5e7c0dc33674767bcfd2
                      • Instruction Fuzzy Hash: 29719178A006049FCB44DF69D584A59BBF2FF88310B26C1A9D415EB369DB71EC42CF90
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: df80f1f3f5ae56b4fc28dc49ff2064f31d7de512e58ca43e2bea616fcce57cff
                      • Instruction ID: c5be5ec06c5ec9027559ff42b59767e5c0df84f819ae8c6b339297fd589f6343
                      • Opcode Fuzzy Hash: df80f1f3f5ae56b4fc28dc49ff2064f31d7de512e58ca43e2bea616fcce57cff
                      • Instruction Fuzzy Hash: D4315C357041418FDB14CB69C584B6A7BF2FB85311F56C4A6E10E8B7A5C670EC86CB61
                      Memory Dump Source
                      • Source File: 00000002.00000002.2852814506.00000000022BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022BD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_22bd000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ef9bffe82a5a2ba36f3b9d077c071b2eea9bfcdb340292977106d8384c8a71f9
                      • Instruction ID: 667f6829b9b68404156b4a6c82e0fdec9e03da6226a150f205b2895a03a7aed9
                      • Opcode Fuzzy Hash: ef9bffe82a5a2ba36f3b9d077c071b2eea9bfcdb340292977106d8384c8a71f9
                      • Instruction Fuzzy Hash: 0F213772510344DFDB0ADF50D9C0B96BB75FF84364F24C5A9E9090B24AC376E456CBA2
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7177a3e71981ab8bbf2bdc86428c3c6c77775f4b786676588e53afd1a9f00bec
                      • Instruction ID: 0760e4afbea7a632cfe364711989d7137433a51dbb76848e86e3ec063e5c8cd6
                      • Opcode Fuzzy Hash: 7177a3e71981ab8bbf2bdc86428c3c6c77775f4b786676588e53afd1a9f00bec
                      • Instruction Fuzzy Hash: C50184347003145FE748E6BE8C94BAB66DEBFC8750F144469A10AEB3A5DEA1AC414BA4
                      Memory Dump Source
                      • Source File: 00000002.00000002.2857674100.0000000004C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_4c40000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 130f0da7d60d31f13e98ea244448ec0c384b5c067ce213c3654aaa2668b22bee
                      • Instruction ID: 9cac5bb09d456d81025339108fe2ff3bb1f157696c4f7673e34fee1b0b9e722d
                      • Opcode Fuzzy Hash: 130f0da7d60d31f13e98ea244448ec0c384b5c067ce213c3654aaa2668b22bee
                      • Instruction Fuzzy Hash: A0218C70E54608CFE701DFA6D19C39A7FB2EF84315F24C4E6D40597289D739698ACB11
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 99c62458ca926201ade8cac3b65735048cde00f09aa56802da1a03c0cf69f136
                      • Instruction ID: be3a82e202b1447e2e849b5d9e2a600056edc4188d3ca6b736f7dac510ab17c3
                      • Opcode Fuzzy Hash: 99c62458ca926201ade8cac3b65735048cde00f09aa56802da1a03c0cf69f136
                      • Instruction Fuzzy Hash: 7601D47044E3C58FCB17873098686613FB0EF43300F5A44D3C0888B167C229A89BCB21
                      Memory Dump Source
                      • Source File: 00000002.00000002.2852814506.00000000022BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 022BD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_22bd000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a736483c7301ab0b942446287a2da93ee8c90a3553c7a0be40e84c1f23337044
                      • Instruction ID: 12844a20627d7bea84e73154263ae569635c0b3aea388710236aa1b61cc2c5ee
                      • Opcode Fuzzy Hash: a736483c7301ab0b942446287a2da93ee8c90a3553c7a0be40e84c1f23337044
                      • Instruction Fuzzy Hash: 4E11E676504280CFCB16CF50D5C4B96BF71FF84314F24C5A9D8494B65AC33AE45ACBA1
                      Memory Dump Source
                      • Source File: 00000002.00000002.2857674100.0000000004C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_4c40000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c74f353db3d75b7e1c291776d57e0873659775b9e60dcf7b0714f7dec520ea4
                      • Instruction ID: 2e1409fc4b4e9abe88b121386b28e999a2138ea18056c41ffb0fb57b3e555a1c
                      • Opcode Fuzzy Hash: 2c74f353db3d75b7e1c291776d57e0873659775b9e60dcf7b0714f7dec520ea4
                      • Instruction Fuzzy Hash: 45118E70E44208DFE700DFDAD19C35E7AB2FB84315F20C4B5D50997289D7356986CB51
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d9b8469c5c4d4144cd7f051c72d740ea79b4345ad298799df8b45819d4aa4680
                      • Instruction ID: 51f5a5e903da2a861cc64db9843ea963c73a114fbb43cd78a7017e51e7c0919d
                      • Opcode Fuzzy Hash: d9b8469c5c4d4144cd7f051c72d740ea79b4345ad298799df8b45819d4aa4680
                      • Instruction Fuzzy Hash: 3F01AF35B451508FC7499BB8E06C8597BF5FF8E62135144E6F80ADB326DA31EC11CB90
                      Memory Dump Source
                      • Source File: 00000002.00000002.2853162771.0000000002490000.00000040.00000800.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_2490000_InstallUtil.jbxd
                      Memory Dump Source
                      • Source File: 00000002.00000002.2857674100.0000000004C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_4c40000_InstallUtil.jbxd