Windows Analysis Report
n3GMxqBnUE.exe

Overview

General Information

Sample name:n3GMxqBnUE.exe
renamed because original name is a hash value
Original sample name:2c262dee8e815e05ec9f3af3df3e35bb.exe
Analysis ID:1540826
MD5:2c262dee8e815e05ec9f3af3df3e35bb
SHA1:2c4bbddc90664238f39dec8f713e3107d0e1352c
SHA256:a352dd6a80a3aa9e337f877b8a0b6bc7367d64f893401722bc1b7c4b3c9fdc38
Tags:exe, user-abuse_ch

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Set autostart key via New-ItemProperty Cmdlet
Suricata IDS alerts for network traffic
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Suspicious powershell command line found
Tries to harvest and steal Bitcoin Wallet information
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • n3GMxqBnUE.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\n3GMxqBnUE.exe" MD5: 2C262DEE8E815E05EC9F3AF3DF3E35BB)
    • powershell.exe (PID: 7372 cmdline: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • n3GMxqBnUE.exe (PID: 7644 cmdline: "C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe" MD5: 2C262DEE8E815E05EC9F3AF3DF3E35BB)
  • n3GMxqBnUE.exe (PID: 7912 cmdline: "C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe" MD5: 2C262DEE8E815E05EC9F3AF3DF3E35BB)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: n3GMxqBnUE.exe PID: 7328 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: n3GMxqBnUE.exe PID: 7644 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

          System Summary

          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7372, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\n3GMxqBnUE
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String', CommandLine: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String', CommandLine|base64offset|contains: E^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\n3GMxqBnUE.exe", ParentImage: C:\Users\user\Desktop\n3GMxqBnUE.exe, ParentProcessId: 7328, ParentProcessName: n3GMxqBnUE.exe, ProcessCommandLine: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String', ProcessId: 7372, ProcessName: powershell.exe

          Persistence and Installation Behavior

          Source: Process startedAuthor: Joe Security: Data: Command: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String', CommandLine: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String', CommandLine|base64offset|contains: E^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\n3GMxqBnUE.exe", ParentImage: C:\Users\user\Desktop\n3GMxqBnUE.exe, ParentProcessId: 7328, ParentProcessName: n3GMxqBnUE.exe, ProcessCommandLine: "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String', ProcessId: 7372, ProcessName: powershell.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-10-24T08:37:11.053738+0200 | 2035595 | 1 | Domain Observed Used for C2 Detected | 172.86.80.42 | 56801 | 192.168.2.4 | 49730 | TCP

          AV Detection

          Source: n3GMxqBnUE.exeAvira: detected
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeAvira: detection malicious, Label: HEUR/AGEN.1323341
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeReversingLabs: Detection: 73%
          Source: n3GMxqBnUE.exeReversingLabs: Detection: 73%
          Source: n3GMxqBnUE.exeVirustotal: Detection: 68%
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeJoe Sandbox ML: detected
          Source: n3GMxqBnUE.exeJoe Sandbox ML: detected
          Source: n3GMxqBnUE.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: n3GMxqBnUE.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Networking

          Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 172.86.80.42:56801 -> 192.168.2.4:49730
          Source: Joe Sandbox ViewASN Name: M247GB M247GB
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: xen1.indiasupaclean.com
          Source: powershell.exe, 00000001.00000002.1766701012.0000000007AD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
          Source: powershell.exe, 00000001.00000002.1761839970.0000000003312000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro3T
          Source: n3GMxqBnUE.exe, 00000000.00000002.4200259397.0000000000C10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
          Source: n3GMxqBnUE.exe, 00000000.00000002.4200259397.0000000000C10000.00000004.00000020.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4208763207.0000000005511000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
          Source: powershell.exe, 00000001.00000002.1762891290.00000000050A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002CDD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1762891290.0000000004F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: powershell.exe, 00000001.00000002.1762891290.00000000050A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
          Source: powershell.exe, 00000001.00000002.1762891290.0000000004F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
          Source: powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
          Source: powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
          Source: powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
          Source: powershell.exe, 00000001.00000002.1762891290.00000000050A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe
          Source: powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000007.00000002.2090430517.0000000003275000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot

          System Summary

          Source: n3GMxqBnUE.exe, Prototype.csLarge array initialization: SortException: array initializer size 294704
          Source: n3GMxqBnUE.exe.0.dr, Prototype.csLarge array initialization: SortException: array initializer size 294704
          Source: 0.2.n3GMxqBnUE.exe.39b1a60.1.raw.unpack, Prototype.csLarge array initialization: SortException: array initializer size 294704
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeProcess Stats: CPU usage > 49%
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.00000000027F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000000.00000002.4200259397.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000003.00000002.2008876025.00000000010DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000003.00000002.2012267299.0000000005550000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000003.00000002.2010654820.0000000004175000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000003.00000002.2010227472.000000000319D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000007.00000002.2091052406.00000000043E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe, 00000007.00000002.2090430517.0000000003319000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXilebu.dll" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exeBinary or memory string: OriginalFilenameBnmxhdyu.exe" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exe.0.drBinary or memory string: OriginalFilenameBnmxhdyu.exe" vs n3GMxqBnUE.exe
          Source: n3GMxqBnUE.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: n3GMxqBnUE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: n3GMxqBnUE.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: n3GMxqBnUE.exe, Predicate.csCryptographic APIs: 'CreateDecryptor'
          Source: n3GMxqBnUE.exe, Predicate.csCryptographic APIs: 'CreateDecryptor'
          Source: n3GMxqBnUE.exe, Prototype.csCryptographic APIs: 'CreateDecryptor'
          Source: n3GMxqBnUE.exe.0.dr, Predicate.csCryptographic APIs: 'CreateDecryptor'
          Source: n3GMxqBnUE.exe.0.dr, Predicate.csCryptographic APIs: 'CreateDecryptor'
          Source: n3GMxqBnUE.exe.0.dr, Prototype.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.n3GMxqBnUE.exe.39b1a60.1.raw.unpack, Predicate.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.n3GMxqBnUE.exe.39b1a60.1.raw.unpack, Predicate.csCryptographic APIs: 'CreateDecryptor'
          Source: 0.2.n3GMxqBnUE.exe.39b1a60.1.raw.unpack, Prototype.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/7@1/1
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeFile created: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMutant created: NULL
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeMutant created: \Sessions\1\BaseNamedObjects\ef84bcf0fa
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7380:120:WilError_03
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_acplhtyx.yi4.ps1
          Source: n3GMxqBnUE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: n3GMxqBnUE.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: n3GMxqBnUE.exeReversingLabs: Detection: 73%
          Source: n3GMxqBnUE.exeVirustotal: Detection: 68%
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeFile read: C:\Users\user\Desktop\n3GMxqBnUE.exe
          Source: unknownProcess created: C:\Users\user\Desktop\n3GMxqBnUE.exe "C:\Users\user\Desktop\n3GMxqBnUE.exe"
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String'
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe "C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe "C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: wldp.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: profapi.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: amsi.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: userenv.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: msasn1.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: gpapi.dll
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Section loaded: wbemcomn.dll
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: n3GMxqBnUE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: n3GMxqBnUE.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          Source: n3GMxqBnUE.exe, Predicate.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: n3GMxqBnUE.exe.0.dr, Predicate.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: 0.2.n3GMxqBnUE.exe.39b1a60.1.raw.unpack, Predicate.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String'
          Source: n3GMxqBnUE.exe Static PE information: 0xEA25B458 [Fri Jun 25 21:25:44 2094 UTC]
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_05560411 push 6C055527h; iretd 0_2_0556041D
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_0556D3A2 push eax; retf 0_2_0556D3A1
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_0556D2AD push eax; retf 0_2_0556D3A1
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_05C02500 push esp; iretd 0_2_05C02501
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_05D90F38 pushad ; ret 0_2_05D90F39
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_05D91810 push eax; iretd 0_2_05D91811
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Code function: 0_2_05D91833 pushad ; iretd 0_2_05D91839
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04F36E91 pushfd ; retn 0007h 1_2_04F36E92
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_07DA226A push FFFFFFE8h; retf 1_2_07DA2271
          Source: n3GMxqBnUE.exe Static PE information: section name: .text entropy: 7.8676232558990895
          Source: n3GMxqBnUE.exe.0.dr Static PE information: section name: .text entropy: 7.8676232558990895
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe File created: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe (dropped file)
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run n3GMxqBnUE
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeMemory allocated: B80000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeMemory allocated: 27F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeMemory allocated: 47F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMemory allocated: 13E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMemory allocated: 30B0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMemory allocated: 2EB0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMemory allocated: 1430000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMemory allocated: 3220000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeMemory allocated: 3060000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWindow / User API: threadDelayed 2975Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWindow / User API: threadDelayed 6846Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4171Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1627Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7576Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -23980767295822402s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -34000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7604Thread sleep count: 2975 > 30Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33890s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7604Thread sleep count: 6846 > 30Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33743s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33625s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33515s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33406s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33295s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -33187s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32780s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32669s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32562s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32453s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32343s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32234s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32124s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -32015s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31897s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31764s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31655s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31486s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31359s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31249s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31140s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -31031s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30921s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30702s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30533s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30402s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30281s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30138s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exe TID: 7600Thread sleep time: -30031s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep count: 4171 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7460Thread sleep count: 1627 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7516Thread sleep time: -1844674407370954s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7480Thread sleep time: -2767011611056431s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe TID: 7672Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe TID: 7932Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 34000Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33890Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33743Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33625Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33515Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33406Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33295Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 33187Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32780Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32669Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32562Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32453Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32343Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32234Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32124Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 32015Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31897Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31764Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31655Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31486Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31359Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31249Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31140Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 31031Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30921Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30812Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30702Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30533Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30402Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30281Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30138Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeThread delayed: delay time: 30031Jump to behavior
          Source: n3GMxqBnUE.exe, 00000000.00000002.4209010455.0000000005538000.00000004.00000020.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4208320289.0000000005452000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeMemory allocated: page read and write | page guardJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String'Jump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" remove-itemproperty -path 'hkcu:\software\microsoft\windows\currentversion\run' -name 'n3gmxqbnue';new-itemproperty -path 'hkcu:\software\microsoft\windows\currentversion\run' -name 'n3gmxqbnue' -value '"c:\users\user\appdata\roaming\n3gmxqbnue.exe"' -propertytype 'string'
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002AAB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerh{^q
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002B01000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002BC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^q|
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C69000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^q\
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002B01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^q$6
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002CB9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^qX
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C45000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^qTW
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^q,
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002B51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^ql
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002BF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^qL
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002C19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe^q
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002A02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerB2E"
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeQueries volume information: C:\Users\user\Desktop\n3GMxqBnUE.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeQueries volume information: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\n3GMxqBnUE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          Source: n3GMxqBnUE.exe, 00000000.00000002.4209010455.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets
          Source: n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002A02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q3C:\Users\user\AppData\Roaming\Exodus\exodus.wallet@\^q com.liberty.jaxx
          Source: n3GMxqBnUE.exe, 00000000.00000002.4208320289.0000000005452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
          Source: n3GMxqBnUE.exe, 00000000.00000002.4208320289.0000000005452000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
          Source: C:\Users\user\Desktop\n3GMxqBnUE.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
          Source: Yara matchFile source: 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: n3GMxqBnUE.exe PID: 7328, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: n3GMxqBnUE.exe PID: 7644, type: MEMORYSTR
          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts321
          Windows Management Instrumentation
          1
          Registry Run Keys / Startup Folder
          12
          Process Injection
          1
          Masquerading
          OS Credential Dumping1
          Query Registry
          Remote Services11
          Archive Collected Data
          1
          Encrypted Channel
          Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Command and Scripting Interpreter
          1
          DLL Side-Loading
          1
          Registry Run Keys / Startup Folder
          1
          Disable or Modify Tools
          LSASS Memory521
          Security Software Discovery
          Remote Desktop Protocol1
          Data from Local System
          1
          Non-Application Layer Protocol
          Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts1
          PowerShell
          Logon Script (Windows)1
          DLL Side-Loading
          341
          Virtualization/Sandbox Evasion
          Security Account Manager2
          Process Discovery
          SMB/Windows Admin SharesData from Network Shared Drive1
          Application Layer Protocol
          Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
          Process Injection
          NTDS341
          Virtualization/Sandbox Evasion
          Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information
          LSA Secrets1
          Application Window Discovery
          SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
          Obfuscated Files or Information
          Cached Domain Credentials213
          System Information Discovery
          VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing
          DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Timestomp
          Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          DLL Side-Loading
          /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          SourceDetectionScannerLabelLink
          n3GMxqBnUE.exe74%ReversingLabsByteCode-MSIL.Trojan.Generic
          n3GMxqBnUE.exe68%VirustotalBrowse
          n3GMxqBnUE.exe100%AviraHEUR/AGEN.1323341
          n3GMxqBnUE.exe100%Joe Sandbox ML
          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe100%AviraHEUR/AGEN.1323341
          C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe74%ReversingLabsWin32.Trojan.Generic
          No Antivirus matches
          No Antivirus matches
          SourceDetectionScannerLabelLink
          http://nuget.org/NuGet.exe0%URL Reputationsafe
          https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
          http://crl.micro0%URL Reputationsafe
          http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
          https://aka.ms/pscore6lB0%URL Reputationsafe
          https://stackoverflow.com/q/11564914/23354;0%URL Reputationsafe
          https://contoso.com/0%URL Reputationsafe
          https://nuget.org/nuget.exe0%URL Reputationsafe
          https://contoso.com/License0%URL Reputationsafe
          https://contoso.com/Icon0%URL Reputationsafe
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          NameIPActiveMaliciousAntivirus DetectionReputation
          xen1.indiasupaclean.com
          172.86.80.42
          truetrue
            unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://nuget.org/NuGet.exe | powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://stackoverflow.com/q/14436606/23354 | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000007.00000002.2090430517.0000000003275000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://crl.micro | powershell.exe, 00000001.00000002.1766701012.0000000007AD6000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://pesterbdd.com/images/Pester.png | powershell.exe, 00000001.00000002.1762891290.00000000050A6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://aka.ms/pscore6lB | powershell.exe, 00000001.00000002.1762891290.0000000004F51000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000001.00000002.1762891290.00000000050A6000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
            https://stackoverflow.com/q/2152978/23354rCannot | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
            https://stackoverflow.com/q/11564914/23354; | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://contoso.com/ | powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://nuget.org/nuget.exe | powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://contoso.com/License | powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
            https://contoso.com/Icon | powershell.exe, 00000001.00000002.1764880396.0000000005FBB000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://crl.micro3T | powershell.exe, 00000001.00000002.1761839970.0000000003312000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002CDD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1762891290.0000000004F51000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            https://github.com/Pester/Pester | powershell.exe, 00000001.00000002.1762891290.00000000050A6000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
            https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
            https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe | n3GMxqBnUE.exe, 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, n3GMxqBnUE.exe, 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                          172.86.80.42 | xen1.indiasupaclean.com | United States | | 9009 | M247GB | true
                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1540826
                          Start date and time:2024-10-24 08:36:05 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 8m 44s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:10
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:n3GMxqBnUE.exe
                          renamed because original name is a hash value
                          Original Sample Name:2c262dee8e815e05ec9f3af3df3e35bb.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@6/7@1/1
                          EGA Information:Failed
                          HCA Information:
                          • Successful, ratio: 95%
                          • Number of executed functions: 278
                          • Number of non-executed functions: 35
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 93.184.221.240
                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target n3GMxqBnUE.exe, PID 7328 because it is empty
                          • Execution Graph export aborted for target n3GMxqBnUE.exe, PID 7644 because it is empty
                          • Execution Graph export aborted for target n3GMxqBnUE.exe, PID 7912 because it is empty
                          • Execution Graph export aborted for target powershell.exe, PID 7372 because it is empty
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          Time | Type | Description
                          02:37:04 | API Interceptor | 5x Sleep call for process: powershell.exe modified
                          02:37:12 | API Interceptor | 10362854x Sleep call for process: n3GMxqBnUE.exe modified
                          07:37:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run n3GMxqBnUE C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe
                          07:37:15 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run n3GMxqBnUE C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe
                          No context
                          No context
                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                          M247GB | la.bot.mipsel.elf | Get hash | malicious | Unknown | Browse | 38.201.120.183
                          | m68k.elf | Get hash | malicious | Unknown | Browse | 193.31.73.102
                          | arm5.elf | Get hash | malicious | Mirai | Browse | 38.202.251.242
                          | mips.elf | Get hash | malicious | Unknown | Browse | 213.182.204.57
                          | arm5.elf | Get hash | malicious | Unknown | Browse | 213.182.204.57
                          | x86.elf | Get hash | malicious | Unknown | Browse | 213.182.204.57
                          | irq2.elf | Get hash | malicious | Tsunami | Browse | 213.209.152.135
                          | NeftPaymentError_Emdtd22102024_jpg.exe | Get hash | malicious | NetSupport RAT | Browse | 185.158.248.110
                          | NeftPaymentError_Emdtd22102024_jpg.exe | Get hash | malicious | NetSupport RAT | Browse | 185.158.248.110
                          | 6fLnWSoXXD.elf | Get hash | malicious | Mirai | Browse | 158.46.140.133
                          No context
                          No context
                          Process:C:\Users\user\Desktop\n3GMxqBnUE.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Reputation:high, very likely benign file
                          Process:C:\Users\user\Desktop\n3GMxqBnUE.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.144086598890895
                          Encrypted:false
                          SSDEEP:6:kKvk79UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:HVDnLNkPlE99SNxAhUe/3
                          MD5:BA367D2A75531078573ED66EB7CC3402
                          SHA1:433C9E232A5E85D66510761BB75EF5B1BD42FB7C
                          SHA-256:F6D75C09F9814EE57BB5021EEB6B10DD9101280F076996BCB109713C9E493AEF
                          SHA-512:811B9999D0460D35B660F330738750091C3D00DC9122EF1BF497F943ABCA7795038C579A5D5F6CB40A201C777FA0C34E1EB171351FA34DA64FCE1783FDD33C82
                          Malicious:false
                          Reputation:low
                          Preview:p...... .........Y.(.%..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                          Process:C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1400
                          Entropy (8bit):5.344873306377427
                          Encrypted:false
                          SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzetfE4KnKIE4oKNzKo9E4KhZsXE4qdKm:MxHKlYHKh3oRAHKzetfHKntHo6lHKmHA
                          MD5:8255A4767725CC323842B221CEAFCBEE
                          SHA1:537C8C5384748F137B339E39BC0A7FA90DBBC112
                          SHA-256:7B368AA23DA44F0789862A83A2FA7BD40B1E1FB3C19E69005FAEA382DD0252F5
                          SHA-512:C9B2DB6E3059872EEBF2DDBF2CE19A76D794C01D50E6A178108F5DAF29BA3B93DCF048C72A4414FAB83026BBE062C6DB5BA91657EF4706853A26980342E2CDD8
                          Malicious:true
                          Reputation:low
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):1260
                          Entropy (8bit):5.381977201192373
                          Encrypted:false
                          SSDEEP:24:3GWSKco4KmBs4RPT6BmFoUvjKTIKo+mZ9tXt/NK3R8IHrIr:2WSU4y4RQmFoULF+mZ9tlNWR8IHEr
                          MD5:D09E799ED5550B46D98E67447F11C0A5
                          SHA1:014A1C36D99C43E28920C505C0E8B6989A1AE3F4
                          SHA-256:1D06FC6251F007ABE67139651F3B38AE85952993E6B8E88D491F0B6F34608BDB
                          SHA-512:C0AC20A39830CFBAEF5E3305CC04D7FBA24FCCAFBA045F9FD4278FD87844F954B5D23F994F40332B6337F9172ED41EF98C5DACEAED455E5F25672FBB42336EEC
                          Malicious:false
                          Reputation:low
                          Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.<...............i..VdqF...|...........System.Configuration4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.D....................+.H..!...e........System.Configuration.Ins
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):60
                          Entropy (8bit):4.038920595031593
                          Encrypted:false
                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                          Malicious:false
                          Reputation:high, very likely benign file
                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):60
                          Entropy (8bit):4.038920595031593
                          Encrypted:false
                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                          Malicious:false
                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                          Process:C:\Users\user\Desktop\n3GMxqBnUE.exe
                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):353792
                          Entropy (8bit):7.851490440412662
                          Encrypted:false
                          SSDEEP:6144:OW0seBSRKuyFcy9D4AQYRL/vgisUdiuBD2YaZsTBHunn6hfcwdUeAlA:W1SALFcszJgEwuBDUZsFWWcws
                          MD5:2C262DEE8E815E05EC9F3AF3DF3E35BB
                          SHA1:2C4BBDDC90664238F39DEC8F713E3107D0E1352C
                          SHA-256:A352DD6A80A3AA9E337F877B8A0B6BC7367D64F893401722BC1B7C4B3C9FDC38
                          SHA-512:62CB099BB8FA18F4DD539FAC7545661B9E6A94B3CC09476E433DBED187696040C503F26D26E1DDFF91B5EF1CB01FAD73A870706D0465605094CF0EBBB3D522DE
                          Malicious:true
                          Antivirus:
                          • Antivirus: Avira, Detection: 100%
                          • Antivirus: Joe Sandbox ML, Detection: 100%
                          • Antivirus: ReversingLabs, Detection: 74%
                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):7.851490440412662
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          • Win32 Executable (generic) a (10002005/4) 49.78%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          • DOS Executable Generic (2002/1) 0.01%
                          File name:n3GMxqBnUE.exe
                          File size:353'792 bytes
                          MD5:2c262dee8e815e05ec9f3af3df3e35bb
                          SHA1:2c4bbddc90664238f39dec8f713e3107d0e1352c
                          SHA256:a352dd6a80a3aa9e337f877b8a0b6bc7367d64f893401722bc1b7c4b3c9fdc38
                          SHA512:62cb099bb8fa18f4dd539fac7545661b9e6a94b3cc09476e433dbed187696040c503f26d26e1ddff91b5ef1cb01fad73a870706d0465605094cf0ebbb3d522de
                          SSDEEP:6144:OW0seBSRKuyFcy9D4AQYRL/vgisUdiuBD2YaZsTBHunn6hfcwdUeAlA:W1SALFcszJgEwuBDUZsFWWcws
                          TLSH:E0740246B7CBA722C39C0574C9F3959443F293DB2933D74A3ED853898E83785AE14BA1
                          Icon Hash:90cececece8e8eb0
                          Entrypoint:0x457a5e
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0xEA25B458 [Fri Jun 25 21:25:44 2094 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                          Instruction
                          jmp dword ptr [00402000h]
                          Name | Virtual Address | Virtual Size | Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x57a10 | 0x4b | .text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x58000 | 0x568 | .rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5a000 | 0xc | .reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                          .text | 0x2000 | 0x55a64 | 0x55c00 | b1290727f5ebdf37bac04bb49c3e59de | False | 0.9191503052113703 | data | 7.8676232558990895 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc | 0x58000 | 0x568 | 0x600 | b6460c6c4ef749d334d0d6bf48964b2b | False | 0.4016927083333333 | data | 3.934920780251347 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc | 0x5a000 | 0xc | 0x200 | 5da32fd7e9464001051e94475752e5be | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                          RT_VERSION | 0x580a0 | 0x2dc | data | | | 0.4344262295081967
                          RT_MANIFEST | 0x5837c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                          DLL | Import
                          mscoree.dll | _CorExeMain
                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                          2024-10-24T08:37:11.053738+0200 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | 1 | 172.86.80.42 | 56801 | 192.168.2.4 | 49730 | TCP
                          TimestampSource PortDest PortSource IPDest IP
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Oct 24, 2024 08:37:09.905700922 CEST | 60467 | 53 | 192.168.2.4 | 1.1.1.1
                          Oct 24, 2024 08:37:09.940311909 CEST | 53 | 60467 | 1.1.1.1 | 192.168.2.4
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Oct 24, 2024 08:37:09.905700922 CEST | 192.168.2.4 | 1.1.1.1 | 0x8337 | Standard query (0) | xen1.indiasupaclean.com | A (IP address) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Oct 24, 2024 08:37:09.940311909 CEST | 1.1.1.1 | 192.168.2.4 | 0x8337 | No error (0) | xen1.indiasupaclean.com | | 172.86.80.42 | A (IP address) | IN (0x0001) | false


                          Target ID:0
                          Start time:02:37:03
                          Start date:24/10/2024
                          Path:C:\Users\user\Desktop\n3GMxqBnUE.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\n3GMxqBnUE.exe"
                          Imagebase:0x500000
                          File size:353'792 bytes
                          MD5 hash:2C262DEE8E815E05EC9F3AF3DF3E35BB
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4201527810.0000000002820000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:false

                          Target ID:1
                          Start time:02:37:04
                          Start date:24/10/2024
                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit):true
                          Commandline:"powershell.exe" Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'n3GMxqBnUE' -Value '"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"' -PropertyType 'String'
                          Imagebase:0xca0000
                          File size:433'152 bytes
                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Target ID:2
                          Start time:02:37:04
                          Start date:24/10/2024
                          Path:C:\Windows\System32\conhost.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase:0x7ff7699e0000
                          File size:862'208 bytes
                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Target ID:3
                          Start time:02:37:15
                          Start date:24/10/2024
                          Path:C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"
                          Imagebase:0xb50000
                          File size:353'792 bytes
                          MD5 hash:2C262DEE8E815E05EC9F3AF3DF3E35BB
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2010227472.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Antivirus matches:
                          • Detection: 100%, Avira
                          • Detection: 100%, Joe Sandbox ML
                          • Detection: 74%, ReversingLabs
                          Reputation:low
                          Has exited:true

                          Target ID:7
                          Start time:02:37:23
                          Start date:24/10/2024
                          Path:C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\AppData\Roaming\n3GMxqBnUE.exe"
                          Imagebase:0xdc0000
                          File size:353'792 bytes
                          MD5 hash:2C262DEE8E815E05EC9F3AF3DF3E35BB
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5bd36f6e1a429b21ff4ab49b71e75b5776f7f21676e9aee31c13e387f806d3a7
                            • Instruction ID: 52f392654a2ad9be35cb97dafa3c845c8ad65c760e42c0d445b211ee30ccae3b
                            • Opcode Fuzzy Hash: 5bd36f6e1a429b21ff4ab49b71e75b5776f7f21676e9aee31c13e387f806d3a7
                            • Instruction Fuzzy Hash: 3FC13D747405158FDB54FF28D998A6A77F2EB88700F1185E9D80A9B399EB30ED46CF80
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 692c2a33f5fbe3ba778d29e3af2af7a7f1b8d854b0cb44d86e60b6dacd0dc2bb
                            • Instruction ID: f207e258c34ffdba902592e288bfd6ccf30e6031c8be880413283c2200163ecf
                            • Opcode Fuzzy Hash: 692c2a33f5fbe3ba778d29e3af2af7a7f1b8d854b0cb44d86e60b6dacd0dc2bb
                            • Instruction Fuzzy Hash: BCA13B747405158FDB54FF28D998A6A77F2EB88700F1185E9D80A9B399EB30ED46CF80
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Hdq$PH^q$PH^q$bq
                            • API String ID: 0-283478574
                            • Opcode ID: f39c67f1f05d7bd682445315a4fe5bf7fb30f1071c19b7dd3d4cd8249f51c879
                            • Instruction ID: c3cb3f48ca0a7e84cfe4f09676c088a392878bad95addd3b01a3775033a80a76
                            • Opcode Fuzzy Hash: f39c67f1f05d7bd682445315a4fe5bf7fb30f1071c19b7dd3d4cd8249f51c879
                            • Instruction Fuzzy Hash: 0C126C30A10605CFCB29DF79C550A9EB7F2FF89310F248A69D4069B7A5DB74E985CB80
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4200194169.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b80000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Te^q$Te^q$Te^q$Te^q
                            • API String ID: 0-2929563283
                            • Opcode ID: a552e83762755d04846d6489cfafaf5ce16f9ebceb919cdeef9d696bccfd1ffd
                            • Instruction ID: 304cd159bd9a487862862307771b7b9aeab7e69f2d8c5505abb3145ad37e15f8
                            • Opcode Fuzzy Hash: a552e83762755d04846d6489cfafaf5ce16f9ebceb919cdeef9d696bccfd1ffd
                            • Instruction Fuzzy Hash: 48511B74B101058FC748FF68C598AADBBF2BF88710B6544A9E406EB3B5DE749C06CB50
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4'^q$4'^q$4'^q
                            • API String ID: 0-1196845430
                            • Opcode ID: dba8df294d559d0138f3d37c58994ed77b3dcb4ef316de3cdad050556fdf46cd
                            • Instruction ID: 23602d66a435e75f3cdd196ddeffff1333dd073a0c325c170db2aec21eeaf0c0
                            • Opcode Fuzzy Hash: dba8df294d559d0138f3d37c58994ed77b3dcb4ef316de3cdad050556fdf46cd
                            • Instruction Fuzzy Hash: 29323D34A00518CFDB05FFA8E89599EB7F6FB88701F108554E906AB398DE74ED46CB90
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4'^q$|>eq$|>eq
                            • API String ID: 0-2590577876
                            • Opcode ID: c1f11986989495099754331918b7bf87c7ef84de5d8bdb396c3941c6575eb684
                            • Instruction ID: 035a38d2c20e84969e4858247d7329c33f551e5f5a5df8ce31184e7bfd4244ea
                            • Opcode Fuzzy Hash: c1f11986989495099754331918b7bf87c7ef84de5d8bdb396c3941c6575eb684
                            • Instruction Fuzzy Hash: 7131A8342002404FD715DB29D444A9ABBE2AFC9710B58C6AEE085CF3A6DB30D94A8791
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: (bq$(bq$[t
                            • API String ID: 0-1094742730
                            • Opcode ID: c6340e788388e6edd8377597ee96d4e412b1577767618abeb67a1e3ec622c663
                            • Instruction ID: 81945804e4137b15f487aa736db384107704fc9247e4093d7b2e52d388f0ee5d
                            • Opcode Fuzzy Hash: c6340e788388e6edd8377597ee96d4e412b1577767618abeb67a1e3ec622c663
                            • Instruction Fuzzy Hash: 382105317081649FDB096F2998146AE3FE6FBCA361F5580ABE809DB381CE35CD41C791
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: @Udq$@Udq
                            • API String ID: 0-2037091890
                            • Opcode ID: cfdc9cfc2dc69c28999451cbe87f7d686120d044d629b29331185661e89e7217
                            • Instruction ID: c82d3b6a0497ff071fd2918c4a05a05ad7a3f3e414d4f70cc4d8dafc3cf0f98e
                            • Opcode Fuzzy Hash: cfdc9cfc2dc69c28999451cbe87f7d686120d044d629b29331185661e89e7217
                            • Instruction Fuzzy Hash: 42220A34A00204CFCB18DFA9C594AADB7F2BF89714F24856AD406AB361DB31ED42DF50
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: (bq$d
                            • API String ID: 0-3334038649
                            • Opcode ID: 919fd541535c0cdcaeed70ad081857e3ceac79999773cecc63bfedd4e118fb54
                            • Instruction ID: 5c84d2ea0608fee4199c68df193423f9d56f8756fd3ab7f0d945125ad0fb858f
                            • Opcode Fuzzy Hash: 919fd541535c0cdcaeed70ad081857e3ceac79999773cecc63bfedd4e118fb54
                            • Instruction Fuzzy Hash: 44C15D346006068FCB14CF19C984D6AFBF2FF89310B69C959E46A9B7A5DB30F945CB90
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: (bq$,bq
                            • API String ID: 0-1616511919
                            • Opcode ID: ec8d1237b62f54028e838a5573a4af58cb62eb5ee354a47acff516aade6424ba
                            • Instruction ID: c3e64923911f931a1ed7ac2bc18147fa6129dde417ee12205c28d0e5c2b6030f
                            • Opcode Fuzzy Hash: ec8d1237b62f54028e838a5573a4af58cb62eb5ee354a47acff516aade6424ba
                            • Instruction Fuzzy Hash: 513127327042585FCB01EFA9AC515BEBBEAEBC9221B1480A7FD09C7391DD35CD1697A0
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: ,bq
                            • API String ID: 0-2474004448
                            • Opcode ID: 9ed6d85c9d018f033cdeb92edc4d2f73b24bc8a93b3ddf3bdcd75cad06c69deb
                            • Instruction ID: 4dc3d2bfe7f860c1db0f967edc98b55eef215d6ff38fa6216d16ac9edffc953a
                            • Opcode Fuzzy Hash: 9ed6d85c9d018f033cdeb92edc4d2f73b24bc8a93b3ddf3bdcd75cad06c69deb
                            • Instruction Fuzzy Hash: 5E82EB74A002289FDB65DF68D954B9EBBF2FB88300F1085D9E909A7355DB30AE85CF50
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: ,bq
                            • API String ID: 0-2474004448
                            • Opcode ID: 320f92fe1a04f197f68b3c0de9b5585b6348c4517fedc5e079f7d40467c8d5c6
                            • Instruction ID: 62db65912d07f3b451a27d0f9354db4cf15fd35c6c16d275585fadad1795191e
                            • Opcode Fuzzy Hash: 320f92fe1a04f197f68b3c0de9b5585b6348c4517fedc5e079f7d40467c8d5c6
                            • Instruction Fuzzy Hash: 29E11D74A002189FDB15DB68C954BEEBBF6FB88700F1085D9E409A7394DE30EE858F90
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: @Udq
                            • API String ID: 0-4139025523
                            • Opcode ID: 1e08fbdd96afd254a531dd1012b1522a15e42b293262fce37247967c410fbad6
                            • Instruction ID: 3b44dacd69a7e5ae901e3eea2711f83cc09933e4cd06df02abc1000d162dbe5a
                            • Opcode Fuzzy Hash: 1e08fbdd96afd254a531dd1012b1522a15e42b293262fce37247967c410fbad6
                            • Instruction Fuzzy Hash: 63A12874A00208CFDB29CF69C994AADBBF2BF89705F24856AD406AB361DB30DD41DF50
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: bq
                            • API String ID: 0-492960840
                            • Opcode ID: a5b807c925403ec1317cba40c46c32a41fbe0fb51756591583fd0144263266fb
                            • Instruction ID: 613fcdad52dd5885b5d3be54b4f06f91f2f5adaf63b1867e161481cfb10780be
                            • Opcode Fuzzy Hash: a5b807c925403ec1317cba40c46c32a41fbe0fb51756591583fd0144263266fb
                            • Instruction Fuzzy Hash: 51513532B1010A9FCF05DFA8D8409EEBBF6FF88350B15806AF905E7264DB35D9618B91
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4200194169.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b80000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Deq
                            • API String ID: 0-948982800
                            • Opcode ID: 5858853fbe7cdf83a37c2d5c8d140d532e210a4dcd53af8d8f14b8422d7d41d9
                            • Instruction ID: a348b5553c9781de1b98bb98328321338e84e4b59e89bbc1bfc287cb9c446957
                            • Opcode Fuzzy Hash: 5858853fbe7cdf83a37c2d5c8d140d532e210a4dcd53af8d8f14b8422d7d41d9
                            • Instruction Fuzzy Hash: 65615C746006018FCB14EF69D584A69BBF2FF88310B5585A9E416EB3B5EB31EC45CF90
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: (bq
                            • API String ID: 0-149360118
                            • Opcode ID: 21e231736fe9516b61d14cc39e249971c0e1c104517d0720983a26bda257b614
                            • Instruction ID: 7b145e5d97c57a701dfe2d22edf054b82b4c8228e53076754f1d3a5db088e4a9
                            • Opcode Fuzzy Hash: 21e231736fe9516b61d14cc39e249971c0e1c104517d0720983a26bda257b614
                            • Instruction Fuzzy Hash: 2B415B34600606CFCB14CF69C884A6EF7F6FF89310B198959E81AAB390DB30F941CB94
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: [t
                            • API String ID: 0-3927352614
                            • Opcode ID: c41ced6144b74d98774e27a9176dcee94c47efb9cbb49445ae74200236769934
                            • Instruction ID: 16b6376a2c6ddd5794c9379e93b43671176665b08e2ad46686976da60b3044f0
                            • Opcode Fuzzy Hash: c41ced6144b74d98774e27a9176dcee94c47efb9cbb49445ae74200236769934
                            • Instruction Fuzzy Hash: 5941D3306001059FCB04EF68D4949AEBBF6FF85314B54C5AAE4199B355EB31ED4ACBD0
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: $^q
                            • API String ID: 0-388095546
                            • Opcode ID: f832a1a8c70a26af48dde96228c74fca688a68e3a6decc5ef491fd768fbd6bed
                            • Instruction ID: 2166cebd851540c49053204f5e411e9b42d5f886c5c1cbc1571e20c559294b96
                            • Opcode Fuzzy Hash: f832a1a8c70a26af48dde96228c74fca688a68e3a6decc5ef491fd768fbd6bed
                            • Instruction Fuzzy Hash: E931BC78B14214AFCF09EB64D844AADBBB6FF89300F1444ABD801AB355EB74C806CBD5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: [t
                            • API String ID: 0-3927352614
                            • Opcode ID: 08c392e2592e622c0585ca73cb4bc0c4b6620d28f46a713f0c3619ab20b52e3a
                            • Instruction ID: 98b04a03653389be50aa9bcb21fb238581a2001ac156e8aae4f2823d72077f5e
                            • Opcode Fuzzy Hash: 08c392e2592e622c0585ca73cb4bc0c4b6620d28f46a713f0c3619ab20b52e3a
                            • Instruction Fuzzy Hash: EC31F770A006459FC705EF24D8919EEBBF1FF85304B5485AAD4499B366EB30A94ACBD0
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: $^q
                            • API String ID: 0-388095546
                            • Opcode ID: f92f6a420e31ecdd765248885cca30c06e2c0095a0d52fe1f76420e4a0aee3d7
                            • Instruction ID: 6b0d773c2854d1fffb550c79ecae0a3d38e49f94093a70db63645152830654cc
                            • Opcode Fuzzy Hash: f92f6a420e31ecdd765248885cca30c06e2c0095a0d52fe1f76420e4a0aee3d7
                            • Instruction Fuzzy Hash: 31312C38B14614ABDF19EF64E854AAEB7B6BFC8300F10456AD801A7358EB75DC05CBD1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: a^q
                            • API String ID: 0-3411664965
                            • Opcode ID: 853296958c10a43874c47f9470f4ea7d9952a48c3baf2d634da86f9afe559525
                            • Instruction ID: 592bea4804c15071ee8144c42bccf7c9d3675b4f02f6ad831220692af03cb96e
                            • Opcode Fuzzy Hash: 853296958c10a43874c47f9470f4ea7d9952a48c3baf2d634da86f9afe559525
                            • Instruction Fuzzy Hash: 95112775A016108BC718FF74A40429EBBF3EBC4B50F01495AD8469B344EB31AE0A87C1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: a^q
                            • API String ID: 0-3411664965
                            • Opcode ID: a2b5573ceae9d4741755ddfac9657839e9d6c25ff602252978a558d3d6c235b7
                            • Instruction ID: 74b6532271a4ba39304150adebc5847dc3cd9ce8c3d22d391d60dc38ff6a1df0
                            • Opcode Fuzzy Hash: a2b5573ceae9d4741755ddfac9657839e9d6c25ff602252978a558d3d6c235b7
                            • Instruction Fuzzy Hash: 8A110870B006148BC708FF64E40525E7BF7EBC4B10F408A6AD9099B344EF34AE498BC5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Te^q
                            • API String ID: 0-671973202
                            • Opcode ID: cb361b49d97b76a5d06a804582f96a53c41b885c7537497b453eb5c042092536
                            • Instruction ID: 63affaebbbc777513128e974ac8333e93afd3ff23365c53e8ee9f100b9a16c42
                            • Opcode Fuzzy Hash: cb361b49d97b76a5d06a804582f96a53c41b885c7537497b453eb5c042092536
                            • Instruction Fuzzy Hash: FE018431B406258BDB14FB54E8197AE76F6EB88710F104959E4067B384CF785D0687D5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: a^q
                            • API String ID: 0-3411664965
                            • Opcode ID: d01195ec66a524a93775a93c80b4870ab86bacb6a823f6d7d9fccb1a4ac95451
                            • Instruction ID: 5f50afff52a7adc35aadc39752aff990f45737e5a3e568817374420d5bd8d945
                            • Opcode Fuzzy Hash: d01195ec66a524a93775a93c80b4870ab86bacb6a823f6d7d9fccb1a4ac95451
                            • Instruction Fuzzy Hash: F4F022317402108BD708BB64A40539E7BE3EBC4B90F404EAAD9165F398DFB1AE4D47C1
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 94c3c5a59d847643f717b0a86d036456b6f3c1dba4fc1566dbafaa7924c524d8
                            • Instruction ID: 2bba13146e7e12c4923395c331f052114e636a36e68963c8b0a4a16c603012bb
                            • Opcode Fuzzy Hash: 94c3c5a59d847643f717b0a86d036456b6f3c1dba4fc1566dbafaa7924c524d8
                            • Instruction Fuzzy Hash: 4F02B3703041018BE744FF69D85976E77E3EB88714F9588A8E846EB3C8DE34ED468B91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4667531e15680369e2955f6e3c609f0188b0e19a0ea5e7ac59ff00da0ce17880
                            • Instruction ID: e8044ae1e9d47354340a95bc4dc85a8c61b4073539217402d7a09b7b289001e1
                            • Opcode Fuzzy Hash: 4667531e15680369e2955f6e3c609f0188b0e19a0ea5e7ac59ff00da0ce17880
                            • Instruction Fuzzy Hash: A5E15634B106048FDB04FFB4D8949AE7BB6FF88300B509969E406A7399DF34AD4ADB41
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f652af3bec3b5adb548c5672ef13f85b69011cba93e506f86fa413ef2589eadc
                            • Instruction ID: 2a660e6def36b4bef28887cba2b99641c82a94fcec10ea808523b4fff561e4a4
                            • Opcode Fuzzy Hash: f652af3bec3b5adb548c5672ef13f85b69011cba93e506f86fa413ef2589eadc
                            • Instruction Fuzzy Hash: 57E1D674A04205CFDB14CF58C584A99FBF2BF89314F25C29AE849AB366D731E985CF90
                            Memory Dump Source
                            • Source File: 00000000.00000002.4209768348.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5560000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 28cd2d60dea381c6edcfd981a98e2dfcc23280c2dc3b66b1e326f7040455e0dc
                            • Instruction ID: 69da3581a400b18160b0eeab971ed539f8b4b1b7c93f4579e9ebb3d1740b30d2
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 25c3574f909c86c5d54292d4eefb715fc879a51c4914babb9e640579a752b043
                            • Instruction ID: bec39b51c2338e8dddc851d64225b3d74aadfc4c486093faed102f5610dccd27
                            • Opcode Fuzzy Hash: 25c3574f909c86c5d54292d4eefb715fc879a51c4914babb9e640579a752b043
                            • Instruction Fuzzy Hash: 5001AD347002008FCB10CF69D888E2ABBEAFFCE261B18446AF549DB361DA31EC01CB50
                            Memory Dump Source
                            • Source File: 00000000.00000002.4199856373.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b1d000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 963c5cf4891859b20721d31b022e8dca7f8db8624c76f9404a2b792df57aa0cd
                            • Instruction ID: cb2282c9b82366149870fb2e928af8917aa5124e6b59af1a52d188b94562b85d
                            • Opcode Fuzzy Hash: 963c5cf4891859b20721d31b022e8dca7f8db8624c76f9404a2b792df57aa0cd
                            • Instruction Fuzzy Hash: 3F01D631509344EAE7108B6ACDC47A7BFD8EF55324F58C5AAED094A286C779D880CAB1
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 889b3258a13147692f7fc5b66f5bf62ea5489cd91344d0be2217d16796011012
                            • Instruction ID: 3aeb2b441752cde2425088445935d0c8be2049b909e131baba7a3a33c0190f72
                            • Opcode Fuzzy Hash: 889b3258a13147692f7fc5b66f5bf62ea5489cd91344d0be2217d16796011012
                            • Instruction Fuzzy Hash: BE1100B5900249CFCB20DFAAC584BDEBBF4EB48324F20841AD459A7350C774A944CFA5
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bda7c066cfb72b5ef133972ee0089ca24afeceb67eb1bdf8b1f8b3543e60fc5f
                            • Instruction ID: a63ee55d8f41dc82a1eff5bf52677b373bbbe39bd009418c7f9b66d7db4452be
                            • Opcode Fuzzy Hash: bda7c066cfb72b5ef133972ee0089ca24afeceb67eb1bdf8b1f8b3543e60fc5f
                            • Instruction Fuzzy Hash: 0E012171A001089FE740EBA8E80179A77F6EB88711F104965EA19EB3C9DA74EE458B91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ca3cf006b2bd6337f0e1a8cfe0d628b73a08257060ce635e6510c8db6f809cb5
                            • Instruction ID: 18e169f9d40ab9915abc0c6a3fd76851d172533f8e1c8e945e0b58c051a1251c
                            • Opcode Fuzzy Hash: ca3cf006b2bd6337f0e1a8cfe0d628b73a08257060ce635e6510c8db6f809cb5
                            • Instruction Fuzzy Hash: 67F02431740B054BF7216AA4A801B6B32AAEBC0614F00886EE509973C4EE26EC438791
                            Memory Dump Source
                            • Source File: 00000000.00000002.4199856373.0000000000B1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B1D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b1d000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b39e75001e9c53cc8f3650548019d50d95c1ebf107c9c686a15c17fed59ac4eb
                            • Instruction ID: 81a4b675d41e8bbd16bb9023581518a23cfd944680c4cfcf38f13e6ddb6275af
                            • Opcode Fuzzy Hash: b39e75001e9c53cc8f3650548019d50d95c1ebf107c9c686a15c17fed59ac4eb
                            • Instruction Fuzzy Hash: E3F06271405344AEE7108A16D9C4BA6FFE8EB55734F18C55AED084F286C3799884CA71
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cfe4a6561d343198d755e01f96b60a2777c9a22610c6dafda93f68a26fc00847
                            • Instruction ID: 06bb3b34a948f70e6a875936445c00bea042109a34625e9abb4a41201528a067
                            • Opcode Fuzzy Hash: cfe4a6561d343198d755e01f96b60a2777c9a22610c6dafda93f68a26fc00847
                            • Instruction Fuzzy Hash: 95F0B4B16082089FDB02DB64DC02A6ABBF5EB95304F14899AD805D7321DB32ED469791
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b7cf6ff9bcc5d0400ecc9ff9618fa6081f2d2a50d7a01fc0741ef2e3a98cdfa8
                            • Instruction ID: a99957c859bc0ae91ac399f4842604b59b7cea08f9f390519e17613a3d4a14af
                            • Opcode Fuzzy Hash: b7cf6ff9bcc5d0400ecc9ff9618fa6081f2d2a50d7a01fc0741ef2e3a98cdfa8
                            • Instruction Fuzzy Hash: 3AF0B431700B0197E7316B50E805B6A36A6FB80B10F00886EE9059B3D4EF65DD42CB81
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5c662ebb1bc8094f6504771a5fafd04bf14668dee6f2fdb1fdbe5a555242e0c8
                            • Instruction ID: f6afa390fd2966a6134034f7905990bc57f118be2e1783b13256fd5168069b72
                            • Opcode Fuzzy Hash: 5c662ebb1bc8094f6504771a5fafd04bf14668dee6f2fdb1fdbe5a555242e0c8
                            • Instruction Fuzzy Hash: 8DF0E232304544ABC705EB99E894A6FBBAEEBC8320B108428F909C3384CA359D46C790
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d4767d50668885dd6bfa96c2a026c7800ddc7dc9bdc5494a7c5522056a22b90e
                            • Instruction ID: b9a539873852480f2bd59ed9b642707af675d3fe051d221f27d5f3a5d6b35324
                            • Opcode Fuzzy Hash: d4767d50668885dd6bfa96c2a026c7800ddc7dc9bdc5494a7c5522056a22b90e
                            • Instruction Fuzzy Hash: 9EF09072509204AFE702DF54DD0196EBBF5EF8A204F1444DFE904E7221DA31ED16D7A2
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 64b8e96cfe1b77d1b8a1550f3b032449218fc7c7b6686b7dd344f0eb7995e7f1
                            • Instruction ID: 6c7f337dfe3c0e835d45880cc942fb794622c1bd0084bec448bdd36b644d012a
                            • Opcode Fuzzy Hash: 64b8e96cfe1b77d1b8a1550f3b032449218fc7c7b6686b7dd344f0eb7995e7f1
                            • Instruction Fuzzy Hash: E4F0E932604108AFDB05DB58CD0195ABBE9DF85204B1488E9A508DB361FA31FE02D750
                            Memory Dump Source
                            • Source File: 00000000.00000002.4200194169.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b80000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f77863a30c84e665b010a1c1c8405d6404afd643b4992e9b2c7d35fdca424242
                            • Instruction ID: ec8f27cd090c085d63c44ddfa9815234712bf7d5139baddd79642b097e4bb6ad
                            • Opcode Fuzzy Hash: f77863a30c84e665b010a1c1c8405d6404afd643b4992e9b2c7d35fdca424242
                            • Instruction Fuzzy Hash: FEF0F934A41208CFDB58EB54D96ABAD7BF5EF48710F2004A4E502EB2B0CF759D41DB60
                            Memory Dump Source
                            • Source File: 00000000.00000002.4209768348.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5560000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 323e1c52303fcc9eb8cfcc92d0586de722e9de7afd0b0ca39fb1a21e48a6e8c2
                            • Instruction ID: 5bd7fd32d39ea33fc01b39ffa54b2adbba4decb20facab2903825034261da501
                            • Opcode Fuzzy Hash: 323e1c52303fcc9eb8cfcc92d0586de722e9de7afd0b0ca39fb1a21e48a6e8c2
                            • Instruction Fuzzy Hash: E4F0623114D3C08FC743EB64E850859BF72BF9220474988DAD4868F25BC625AD0DCB91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f99123bee18686b99d237fc343318b86e589e65d83c5061a449146fc5dd74715
                            • Instruction ID: 4711e658f6ed43c7cdb675b8ff99a1cdd96d42d41d662a4430ef7a754ab15fd4
                            • Opcode Fuzzy Hash: f99123bee18686b99d237fc343318b86e589e65d83c5061a449146fc5dd74715
                            • Instruction Fuzzy Hash: 58E02B6170E2516FDF1B051D2CA062FAE95EFC7558B4504BFED46E7281D501CC06C3A1
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 43a8d90b4d3aa4b1b99644898157e642d60644cc627d4266754fd57eb48880a5
                            • Instruction ID: be7df4add8dab5156e35158de527332ca759b8528c8194f11d7c69170203556d
                            • Opcode Fuzzy Hash: 43a8d90b4d3aa4b1b99644898157e642d60644cc627d4266754fd57eb48880a5
                            • Instruction Fuzzy Hash: EAF08275644209AFD705CB64CD01649BBF5EB9A214F0485AEA408D7361FE31DE06DB91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4b0e3b6e4e572c16c39929c90b84a3dd2740afcd8f6911f453ae17aeffffd66
                            • Instruction ID: e520d8551420efb745d53725daa7e0873a7c5aee7d07498828c039e9caef6cac
                            • Opcode Fuzzy Hash: b4b0e3b6e4e572c16c39929c90b84a3dd2740afcd8f6911f453ae17aeffffd66
                            • Instruction Fuzzy Hash: 79F065323045446B8705EA99E894C5FBBDFE7CC6217108525F90983784DE35ED4697D0
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3913075c75f56f8bcd54a90d99280f7f0ef0f72d21c9db3147be4acaf1155edb
                            • Instruction ID: 029ab58dfc2f24199f5185e69ca8e67c2f21327b2c63dc6391b0c9087d2d53fd
                            • Opcode Fuzzy Hash: 3913075c75f56f8bcd54a90d99280f7f0ef0f72d21c9db3147be4acaf1155edb
                            • Instruction Fuzzy Hash: 3FE0D8217451111BFE19140DBD857ABA4C9EBC6698F44453DED06F3340D511ED058250
                            Memory Dump Source
                            • Source File: 00000000.00000002.4200194169.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b80000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 15d1d8961ac052f651c6551f611387bced0455f69b603cecc9d11598f011f1af
                            • Instruction ID: f28ee5788b84c979bae8d0e2fffe8ff9f7775d069aac5b1fd339544d8cf72205
                            • Opcode Fuzzy Hash: 15d1d8961ac052f651c6551f611387bced0455f69b603cecc9d11598f011f1af
                            • Instruction Fuzzy Hash: E8F08C7090520AEFD750EF609D919AA7BF9FA0534472001D6D409DB262EA311E0DD790
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 181b64173c3f122a8c110d9237aae950b2ba7572c4401fd8aa60595d6daa4e68
                            • Instruction ID: 83071e6c1014da54bb2ee83d9d3c90956a40d5f82501e3826fd6c27f74ecb24d
                            • Opcode Fuzzy Hash: 181b64173c3f122a8c110d9237aae950b2ba7572c4401fd8aa60595d6daa4e68
                            • Instruction Fuzzy Hash: B3F0E9729041049FC751CF64EA017AEBBF1EB84700F14489EE845D7210EA329D13CB62
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7adc2cf00c78df18525a8650bb86a0ef30a57737bbaaee15e54ec190121896a7
                            • Instruction ID: 44f1cae0ad8f2015c28ca44c3830be22493010b5680ff2fe9da980583bac3f64
                            • Opcode Fuzzy Hash: 7adc2cf00c78df18525a8650bb86a0ef30a57737bbaaee15e54ec190121896a7
                            • Instruction Fuzzy Hash: 90E022323005080BDB0566A8E0206BF7BA7C7C4314F108074ED19AB349CE20DC8353A5
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 72137a744cafa2d78be07f028f9c2bffc237512b90eec30ebfb2bb32c9bf948b
                            • Instruction ID: a5ea5e09a1780fe76275afd999c404048bbc981e9ad2bca25bf1e835dd9908e3
                            • Opcode Fuzzy Hash: 72137a744cafa2d78be07f028f9c2bffc237512b90eec30ebfb2bb32c9bf948b
                            • Instruction Fuzzy Hash: 2FF0AC77110114BFCB469F84DC45D95BB6AFF4C220B0AC095F6188B232D673E925EF50
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a89e8b237db59afd8bd82148a1827721fc0ad17686880875fb48d85decc95906
                            • Instruction ID: 3fe5155717c9d07fc1b3a107966eec6b919fbacac59a60328460fc568d9e0ab7
                            • Opcode Fuzzy Hash: a89e8b237db59afd8bd82148a1827721fc0ad17686880875fb48d85decc95906
                            • Instruction Fuzzy Hash: 51F01C721041996FCB51CF95DC509FA7FA9EB4D224F048246FDA8C2151C67AC922EBA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f164fe9eb89fa2cc2c095915a2599a81f0ccd6019478ea768fdb183eb49b53f
                            • Instruction ID: a6ee7b1b7aa7f38e70432e6ec776ed5bb8727be7e3ca961253a1f7794a301cb9
                            • Opcode Fuzzy Hash: 1f164fe9eb89fa2cc2c095915a2599a81f0ccd6019478ea768fdb183eb49b53f
                            • Instruction Fuzzy Hash: EDE026A3806108AFCB11CFB0E8020CC7FBAEB1A201B0214DBD488CF310E4328B038752
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4dfb84fe1bf554a34904dd23025d4f8b8079d23765e7f1d6d7c9c6bb4149ab79
                            • Instruction ID: ce738838f3e7e3908c9b9d9a80f3fdec51c0ad16c545f8a036a5dd19e82b277d
                            • Opcode Fuzzy Hash: 4dfb84fe1bf554a34904dd23025d4f8b8079d23765e7f1d6d7c9c6bb4149ab79
                            • Instruction Fuzzy Hash: 8BF0A775940108FFDB05DB60D90579DBBB1EB56205F1184EBC405DB111EA31CD06EB51
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: de1813daa2fc85e6bd68a6fcddce6f6dc633128546ae4281dcd815e4c53095bb
                            • Instruction ID: 5fc2e87035e3015f349fde628acc2ff8b6ed1e13800ea028db63d54503065956
                            • Opcode Fuzzy Hash: de1813daa2fc85e6bd68a6fcddce6f6dc633128546ae4281dcd815e4c53095bb
                            • Instruction Fuzzy Hash: DEF07436111114AFCB068F80DD54C95BF76FF8922071A809AFA188B132C673C966EF90
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                            • Instruction ID: 704a75d8dcbbdfedf44427af84db028faf61110e9c107736e094e3b967943e86
                            • Opcode Fuzzy Hash: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                            • Instruction Fuzzy Hash: 81E0ED721041987F8B41CE95CC10CFA7FEDEB4D265B088046FE98D2151C576DD21EBB0
                            Memory Dump Source
                            • Source File: 00000000.00000002.4209768348.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5560000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f3e1adae3b4efb8ee01bcdf45f28075b9d019ba92b041fc9d35ab93392a2763e
                            • Instruction ID: 0c9680d6cbf6f3f511d56f1510b8ff31207b03ac8441069377d072da8b97cbd4
                            • Opcode Fuzzy Hash: f3e1adae3b4efb8ee01bcdf45f28075b9d019ba92b041fc9d35ab93392a2763e
                            • Instruction Fuzzy Hash: 0CE01A3210010DBBCF418E84DC51EEA7B6AEB48350F04801AFD0456221C672F922AB94
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1be1950fa6958cd8c3d59b90422db4cf6fb8073eb579ebf41b48016636418add
                            • Instruction ID: f4c649eb470190575ab6c85865066af0ad00b35e86d52c28d4711189b0720b95
                            • Opcode Fuzzy Hash: 1be1950fa6958cd8c3d59b90422db4cf6fb8073eb579ebf41b48016636418add
                            • Instruction Fuzzy Hash: 5CE04F3210405C7FCB40CE84DC02EFB7BADDB89261F08805ABE54C2241C672FA21ABB4
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c02e9e9cc5de602ce87a65717bdba7e4b357b6387d6f63e36c880eb8a754ee68
                            • Instruction ID: ea704e986692def5236af239c2e5444b44b16010d276a2c3269b496f4cc4e6af
                            • Opcode Fuzzy Hash: c02e9e9cc5de602ce87a65717bdba7e4b357b6387d6f63e36c880eb8a754ee68
                            • Instruction Fuzzy Hash: 81E08676A41008ABDB00EFA4D94269DBBA5EB45214F2484EE9408DF650EA32DE039B91
                            Memory Dump Source
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                            • Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
                            • Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                            • Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aac06aaaf486af66e716a1feb4f2e25e6d51cdf9f618c79f4b2f42c8eeca2956
                            • Instruction ID: 722cdf5cdf922f8360f8931e3915b92c3b1932c38dace993341dca6315b45ad8
                            • Opcode Fuzzy Hash: aac06aaaf486af66e716a1feb4f2e25e6d51cdf9f618c79f4b2f42c8eeca2956
                            • Instruction Fuzzy Hash: 46D01772508211AFE604CB04ED40BA6B7E5EBD8604F04841EE845A3210CB62DC07DB62
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                            • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                            • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                            • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 078bf8110a051fce1b42611d72f078a4c590a3955a5f5304ed5be3f0be5473ea
                            • Instruction ID: 1d7ecea9b46bdb706a48aa3720aea5458ea3cff49a04cba965f323a5b3370160
                            • Opcode Fuzzy Hash: 078bf8110a051fce1b42611d72f078a4c590a3955a5f5304ed5be3f0be5473ea
                            • Instruction Fuzzy Hash: 35D05E312043829FD224DB04E840B22BB61FBD8B20F14CA5DE8A187294CB358D03CB50
                            Memory Dump Source
                            • Source File: 00000000.00000002.4209768348.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5560000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8c871f3e395af6ceecdd977e355f7681cd009d612af3893e08db2be1c1b86872
                            • Instruction ID: bfc15959107ea2a28a09ec26a68db0d8b895f426153ec5944da57e178e23f144
                            • Opcode Fuzzy Hash: 8c871f3e395af6ceecdd977e355f7681cd009d612af3893e08db2be1c1b86872
                            • Instruction Fuzzy Hash: C8D05EB12146401FC341C614CC55A63BB79DB86100F08C4AEA445C7363D621ED0AC720
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                            • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                            • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                            • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 76a20f43ef0a4bd9bce224b7ef3a7a31623b4dcf1353d0b53805bb75f9dfa934
                            • Instruction ID: 6cf44b321eb583d4a2f18afb55ce4d8f0cc0fbe2e63ed8f52e4586191c718dc5
                            • Opcode Fuzzy Hash: 76a20f43ef0a4bd9bce224b7ef3a7a31623b4dcf1353d0b53805bb75f9dfa934
                            • Instruction Fuzzy Hash: 9CE012351086519FE311CF18DA41B56BBE2EFC5714F05899DEC91532A5C7219C17CB61
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9888ad7f79091fc8a1a15b65cb9b1bf564483460eed2085acb1c1e67575206dc
                            • Instruction ID: 766209aae860bc3231b83b473a54217004c96a81c91d2e6353eb6e054485b12d
                            • Opcode Fuzzy Hash: 9888ad7f79091fc8a1a15b65cb9b1bf564483460eed2085acb1c1e67575206dc
                            • Instruction Fuzzy Hash: CBD0A7352042106FD600D904D842A57B7B6EBC9304F24C80EA80083301C661DC078790
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8ad455de5f60d55f20a2dcae40bdb611a3fd0e1305704aedd753e5383ad41c3
                            • Instruction ID: 6b6436b3ae3e083293f1dd5d980f99eb226d7c8198b4f85077e8343d3661e3d6
                            • Opcode Fuzzy Hash: b8ad455de5f60d55f20a2dcae40bdb611a3fd0e1305704aedd753e5383ad41c3
                            • Instruction Fuzzy Hash: 36D05E325145119FC310EA58D84099AF3F5EFC9210F05C56FE449A7214FE71DC47C7A1
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4063c41d0aae7e3fac576c9e68291512375dc1ff60bf30fd732455958b159cb1
                            • Instruction ID: 20c6bca74b67a4bd8490280ab4746f87bf726ad6b1a64ad4e0af666e04c1c78e
                            • Opcode Fuzzy Hash: 4063c41d0aae7e3fac576c9e68291512375dc1ff60bf30fd732455958b159cb1
                            • Instruction Fuzzy Hash: AAD05B755092019FD301CF18DA00C2ABFF5EBC5710B15885EB88157355D671DC16CB72
                            Memory Dump Source
                            • Source File: 00000000.00000002.4200194169.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b80000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                            • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                            • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                            • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b18ca6ba37ea0d1095daa7d3beec156e4251fb33bcaf974a56ebb1b17ea7ca4f
                            • Instruction ID: 555a78477d5e0c2fd80f7925066b87b72a9b0d6d22780b4bdf7841a691c169a0
                            • Opcode Fuzzy Hash: b18ca6ba37ea0d1095daa7d3beec156e4251fb33bcaf974a56ebb1b17ea7ca4f
                            • Instruction Fuzzy Hash: 59D017311042009FE344CF00FA04B6ABBA1EBC4B00F14884DB44197210CB729C4ACBA6
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0d802b10369518c5e008054f7035dde6f16786ed679a5b74951302cb9f71e999
                            • Instruction ID: 3f785c3b582c6683749ef9cf643d690fec5c07fd95878228a823adfab6040376
                            • Opcode Fuzzy Hash: 0d802b10369518c5e008054f7035dde6f16786ed679a5b74951302cb9f71e999
                            • Instruction Fuzzy Hash: 40D01735104201AFE604CF04EA04A1AB7A2FBC4A20F04868DE851572A0C7629C17CB62
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ecac6f0edd18407d4f6195e20911a2b9c43c70bfbb214158983058d1fa85df3d
                            • Instruction ID: 3f8d6d7db8acb953d1f66286cb8979b516229215dbaee20c244dd52fc7f5d698
                            • Opcode Fuzzy Hash: ecac6f0edd18407d4f6195e20911a2b9c43c70bfbb214158983058d1fa85df3d
                            • Instruction Fuzzy Hash: 25D067755041119FD205CF44F954A56F7A9EBC8B14F14855EF84597210CB62AC16CB62
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6a761d44eb063f398d6b8d5387bc3dc659e46579061836caf9bb43a3c0404210
                            • Instruction ID: b305e5cc3406f1d40fdb10ef3a6effd3ee56922194c4cfc9b7d5561448c1c72d
                            • Opcode Fuzzy Hash: 6a761d44eb063f398d6b8d5387bc3dc659e46579061836caf9bb43a3c0404210
                            • Instruction Fuzzy Hash: 6ED0A931644210AFF208CF04D881AA6F7A9FBC8310F28C94EE84183311CB72EC03CBA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 79ff84340680281744050e20465c7986713c3ee2e576d16cd91006b72cd60239
                            • Instruction ID: acb4bd11deffac54446caf55e203fc930f47239fc82166ba4a2d237418797c85
                            • Opcode Fuzzy Hash: 79ff84340680281744050e20465c7986713c3ee2e576d16cd91006b72cd60239
                            • Instruction Fuzzy Hash: 4DD0A7311042105FF344CA04D842AA2F761FBD4310F68C81DE82087340D767DC0BC790
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c1b04210e533d410b6b3b6a49ae76b2e459c378efcbe3610367daf32351f15bc
                            • Instruction ID: 5e5a65f190a9c15be83be292f8e8ebb27dc8a7445014805a6a582ada665ac046
                            • Opcode Fuzzy Hash: c1b04210e533d410b6b3b6a49ae76b2e459c378efcbe3610367daf32351f15bc
                            • Instruction Fuzzy Hash: A6D052BA2142119BD345CF04D882A6AB771FFC4700F18C84EE8108B351DB26DC07CB91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2b06cd924b3772905223f9c46fb782bfba1d76d34fb97dd46af8451711301cc
                            • Instruction ID: 4e16f5da84277906d22c597a58cee8801d0184159f7c65041d5a76d7dfe9b2f8
                            • Opcode Fuzzy Hash: d2b06cd924b3772905223f9c46fb782bfba1d76d34fb97dd46af8451711301cc
                            • Instruction Fuzzy Hash: 6AD0173860D3808FE306DB14D890826BB71EFD6600708888FE89147257CA61AC17CF61
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ea5f1db505f1f835914d6e58d4c3ef4054ee295e7d9a116fd2ce50fbc0dd8f2
                            • Instruction ID: cbd8daa7a7929a46ef43054b6933a652dba90f9e4f108cbaf963d52512be661b
                            • Opcode Fuzzy Hash: 9ea5f1db505f1f835914d6e58d4c3ef4054ee295e7d9a116fd2ce50fbc0dd8f2
                            • Instruction Fuzzy Hash: D0D0127194110CEF8B00DFE9DA0149EBBFDEB49210B5045F69908D7210FD369F109B91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4209768348.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5560000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3e7f27d70d6dc00c4eefb13548e914d8ea38a28353f5fd4201957675b9bac516
                            • Instruction ID: d53057604214fda69737291f9a00be38b36fcbab1d97d6bcedf6a1171aed8b6b
                            • Opcode Fuzzy Hash: 3e7f27d70d6dc00c4eefb13548e914d8ea38a28353f5fd4201957675b9bac516
                            • Instruction Fuzzy Hash: AFD012313400086BE244C658CD89F66B79ADBDE214F18C82CF80CE7354DA31FD039625
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c833d84aa342b3b8271bfbee2beebf2cff3227968512ba9f9570a7a12c691951
                            • Instruction ID: 463563c3cf177c21e0976fc55656f748f8d908b0fe36c0db584619129e5a7482
                            • Opcode Fuzzy Hash: c833d84aa342b3b8271bfbee2beebf2cff3227968512ba9f9570a7a12c691951
                            • Instruction Fuzzy Hash: 03D0A7741043018FF744CF04D94491AB761F7C4710F14C90DE86143390CB319C03CB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1ec71b95936cc781b277fa192b40eb6478e12282755c116a43a796eca69bc240
                            • Instruction ID: 7fb6ac4ab9c472925cf62a8244e6719e2663c7f0b4ab2021afd1abee61d45298
                            • Opcode Fuzzy Hash: 1ec71b95936cc781b277fa192b40eb6478e12282755c116a43a796eca69bc240
                            • Instruction Fuzzy Hash: 64D0127194110CEF8B10DFE5DA0289EBBFDEB49214B1045EAD909E7210FD32AF11AB92
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 58e073b9455536a45cc1d0182eb1164dd8a074158bdde0ea2266d87c2d88b864
                            • Instruction ID: f0e7cc03f798707e84b24a886160dfb1c3d8e7ac412876e59fdc783cb4960fed
                            • Opcode Fuzzy Hash: 58e073b9455536a45cc1d0182eb1164dd8a074158bdde0ea2266d87c2d88b864
                            • Instruction Fuzzy Hash: D3D0C97294110CEB8B00DFA89A0149EBBE9EB49214B1045EA9908E7210FA329A11A791
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5a5f96049ea7f03600df47391be052f291f72512fbfc523cd7cb0d50ff849495
                            • Instruction ID: ca97dc0b308db4298fb2f7311e40df40cb0475311f8eb91ef56065b31c869e0e
                            • Opcode Fuzzy Hash: 5a5f96049ea7f03600df47391be052f291f72512fbfc523cd7cb0d50ff849495
                            • Instruction Fuzzy Hash: 44D0C97194110CAB8B00DFA49A0159EBBE9EB49214B1045EA9909E7210E9329A119791
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3a3e4539528af0609dcadd0968aa0e13b0e6043107959b6508bc00849be5ec2e
                            • Instruction ID: 2429df9cc22009b403a456f3d51f1427e777ec3d7604f8855cf6efd6f16603d9
                            • Opcode Fuzzy Hash: 3a3e4539528af0609dcadd0968aa0e13b0e6043107959b6508bc00849be5ec2e
                            • Instruction Fuzzy Hash: FAD01271E4110CEF8B00DFE9D90149EBBFDEB49215B1045EA9908E7210FD329F1597D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3e40101558f4c48264304d85fe780ca6d6b5cd621a284aa3734a341760689532
                            • Instruction ID: 5cf86b8390102aef69f2668e4636abad06f66d702c5048f40d8404a37c7e8b56
                            • Opcode Fuzzy Hash: 3e40101558f4c48264304d85fe780ca6d6b5cd621a284aa3734a341760689532
                            • Instruction Fuzzy Hash: C3D0C97194120CAF8B00DFA59A0149EBBEAEB49215B1045E69908E7210EA329E159B91
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9f10902915ac1d3bccf537bb80d56f747163b4cf5ba2dcd9a601e7ef74ff50f3
                            • Instruction ID: 00160a76a9fc2fd9402455bbd4935e6b4f942c13eee38ac372e9e2a43a38bd81
                            • Opcode Fuzzy Hash: 9f10902915ac1d3bccf537bb80d56f747163b4cf5ba2dcd9a601e7ef74ff50f3
                            • Instruction Fuzzy Hash: DFD05E351043419FD304CA00D841A16BB61EBC5610F18884EE85047311DA269C07CB54
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: efe89b7858217cc930e70619d5e7c6fb211a322a9298c06ecd9b9e0d43c2f215
                            • Instruction ID: 72aa1bfcab9812a38f8bb880414626c15b5b91c44ef29940996d13aad1194b17
                            • Opcode Fuzzy Hash: efe89b7858217cc930e70619d5e7c6fb211a322a9298c06ecd9b9e0d43c2f215
                            • Instruction Fuzzy Hash: 8FD0C971A4110CBB8B00EFE4D90159EBBF9EB4A210B5045E6D908D7210E9329E109BA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1430710e119fcb1ba86c890123e0d9fd90e37a1f280766e0e01dc58e43a49e33
                            • Instruction ID: 47148318f99ffd5e9497137605d0bd432f873dfa3cc86e6999a1a8523c4c2e34
                            • Opcode Fuzzy Hash: 1430710e119fcb1ba86c890123e0d9fd90e37a1f280766e0e01dc58e43a49e33
                            • Instruction Fuzzy Hash: B7D0C9312040006BD244C518CC4AF66B7A9DB88214F18C428A808D7364DB25FA039626
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            • Instruction ID: b972a6910b18ac5b6129de39bcfa86b1d5e3d286257376f6ed3627097ad5c1ac
                            • Opcode Fuzzy Hash: 0f605380bf0165d772a73528c19585bf089965f9175064e86d48b63993dd59b5
                            • Instruction Fuzzy Hash: 88C01234A40018EBCB056B90EC14ABD7AF2FF88310F2000A8F402A22A0CE210D41AB45
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                            • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                            • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                            • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ed2cac0d737aef770f137ea063f26ac47f80cb9482adfa39f6dfcf011b748ab3
                            • Instruction ID: b3a4237479265b402300fb313e2a4ea2298c1a93822e666d947604d63fd67fd7
                            • Opcode Fuzzy Hash: ed2cac0d737aef770f137ea063f26ac47f80cb9482adfa39f6dfcf011b748ab3
                            • Instruction Fuzzy Hash: 30C09BB52045405BE605DF14CC57755F711E741115F55C388D425C73A3DF37E817D681
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1aecc78d1c49a6e5e9c955af7ab99b67790ba720049c1f53d2e3ee851b6c3528
                            • Instruction ID: 5b846ba8124851242d99466a1756dbb48899690e1c04ccd7f24267f14d44a07f
                            • Opcode Fuzzy Hash: 1aecc78d1c49a6e5e9c955af7ab99b67790ba720049c1f53d2e3ee851b6c3528
                            • Instruction Fuzzy Hash: 56C092711400019FE604CB90CE96744B722EB84218F68CA8ED805CB351DB23EA43CA80
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d5208ef23b6acd654086682de9f214651f434a46d575a41136c20fc2e48be80b
                            • Instruction ID: f22b429e28534479f0a81a6965f275e0ab9640999a4beca094b0d44563207d5b
                            • Opcode Fuzzy Hash: d5208ef23b6acd654086682de9f214651f434a46d575a41136c20fc2e48be80b
                            • Instruction Fuzzy Hash: 66B0923110050047E20CC629CD67738A322DB8024AFD8C0ACA926CA7C1DE2AEC038680
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 890c86580774c1828d5b5571e08312e210fc9803629e85f92ddc1c03f04310b2
                            • Instruction ID: 44baa1dd98e31c8cd32c6c6074295b0f26a9ece03c194b4a5626c4d2a43bec52
                            • Opcode Fuzzy Hash: 890c86580774c1828d5b5571e08312e210fc9803629e85f92ddc1c03f04310b2
                            • Instruction Fuzzy Hash: 04C09BA75051405FCA11D714CD515047771AFD121475D84D66464CF353CB2BDC078B05
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c86881d370c5ba40d9ef88e8f4d480f1512f3205a14e4ee9892847a7085d0381
                            • Instruction ID: 55176f164a2e9494239285672506eb0da96c33a709f2225bb1c159420f04a066
                            • Opcode Fuzzy Hash: c86881d370c5ba40d9ef88e8f4d480f1512f3205a14e4ee9892847a7085d0381
                            • Instruction Fuzzy Hash: EAC09275502101CFE200CB25CCC5714B731FB96229FA8C7D8D825DB2E1EB26E903EB00
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                            • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                            • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                            • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                            • Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
                            • Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                            • Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 013900281444c862b82157ec3080effd4da4c99b049f80894e9b1780afd36547
                            • Instruction ID: f62047a0b666f03a4471d72af680807c7634682377e4970e9b1e3870b828bd78
                            • Opcode Fuzzy Hash: 013900281444c862b82157ec3080effd4da4c99b049f80894e9b1780afd36547
                            • Instruction Fuzzy Hash: 77B012302050104F9384C608CC41804B351DFC4218318C09C7C08DB316CF33E803C540
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea8df42d4ab8309bfa74335e173173835ec9d1518ff423d66d9a79b051bdd4fb
                            • Instruction ID: 92f1866bb8d07f9493b1d3573597d756e8d2fea06532914eb0e04087cea91ee2
                            • Opcode Fuzzy Hash: ea8df42d4ab8309bfa74335e173173835ec9d1518ff423d66d9a79b051bdd4fb
                            • Instruction Fuzzy Hash: 56B012302050005B9344CA08C941804F392DBC8208318C09E6418CB345CF33E8038540
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 35761e67d53ad37a6488ef1aece2cf635f3784fba95fc468d71e93f470c92072
                            • Instruction ID: 0310f6af7364109588deacdbc252e3f73b4d17d8f8c1c17986ad1dcc8763fa3b
                            • Opcode Fuzzy Hash: 35761e67d53ad37a6488ef1aece2cf635f3784fba95fc468d71e93f470c92072
                            • Instruction Fuzzy Hash: DDB012342050004B9344C609C941814B351DFC8209318C0EC6408CB305CF33E803C640
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212169217.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c30000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e65b9d7c0985e9f561492ad59ca373bd123f3eb71f7376cd79d9807b2ef1880a
                            • Instruction ID: 731989e3bb7d63289325f0aa44e55b365c43e1b604c823cac66fa7adbd7b1183
                            • Opcode Fuzzy Hash: e65b9d7c0985e9f561492ad59ca373bd123f3eb71f7376cd79d9807b2ef1880a
                            • Instruction Fuzzy Hash: ACB012722040004B9284C609CD41418B351DBC4249318C09DA408CB315CF33E803C540
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dacc89d80838997ccbb9bbac88e15ec53f24a8637fcdd978e8e57c895c71c5d1
                            • Instruction ID: 46945e318d527667a75bb568e880d4b37d37903847cdc907e30235170aa7ad55
                            • Opcode Fuzzy Hash: dacc89d80838997ccbb9bbac88e15ec53f24a8637fcdd978e8e57c895c71c5d1
                            • Instruction Fuzzy Hash: 75B012303040105F9284C608C841414B351FBC420D318C0DD6808CB345CF33E8038580
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ed5484c72292d5e33e163978a2984e474365275e0bef2502051ce4083269578
                            • Instruction ID: ed9c00560c5808942e19e091d01702db9401d762140c1e517f094c318261b9cf
                            • Opcode Fuzzy Hash: 9ed5484c72292d5e33e163978a2984e474365275e0bef2502051ce4083269578
                            • Instruction Fuzzy Hash: 3AB012312040104B9244C609CD81518B351DBC4209318C09D6408DB309CF33ED038540
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3a94a3174c5d6d599fe21f11e821067c5a1f82bc6d60d87794e0083af54fa9fd
                            • Instruction ID: 9326fc0f2b6693da38928cab7dde92bbc539bea67ff2648390016c536551e581
                            • Opcode Fuzzy Hash: 3a94a3174c5d6d599fe21f11e821067c5a1f82bc6d60d87794e0083af54fa9fd
                            • Instruction Fuzzy Hash: C2B012302040005BD244D60DC841414F3B1DFC420A318C09D6808CB345CF33E8039640
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 60e24be2614f8a16358bbdd0dcf097404d193b470ea12297c2f546f844468aac
                            • Instruction ID: 50fbceec68fb1248e5ca36b68ae2f9ea924731f74c35ea2667f3eafe45514a57
                            • Opcode Fuzzy Hash: 60e24be2614f8a16358bbdd0dcf097404d193b470ea12297c2f546f844468aac
                            • Instruction Fuzzy Hash: 8DA002020E000823D1C00065FD6FBE7301ED3C0E08F8840192C0880290CC07F32CED6D
                            Memory Dump Source
                            • Source File: 00000000.00000002.4212669548.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5d90000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                            • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                            • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                            • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                            Memory Dump Source
                            • Source File: 00000000.00000002.4210331108.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_5c00000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                            • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                            • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                            • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                            Memory Dump Source
                            • Source File: 00000000.00000002.4200194169.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_b80000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Instruction Fuzzy Hash: 9A31C475A00208AFDB14DFA9E58499DFBF2FF88721B258065E908E7311D731E8858BA0
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762860135.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4f30000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 97e7eeb0272a8be5a857ca80df7b2241b570816c38422088d05d91d87a4a9f78
                            • Instruction ID: 27d88fbc7ce252420c9069829b4797b5c47a58a1ee8872e1c30a5326e8df101e
                            • Opcode Fuzzy Hash: 97e7eeb0272a8be5a857ca80df7b2241b570816c38422088d05d91d87a4a9f78
                            • Instruction Fuzzy Hash: 6641D375A01208AFDB14DFA9D58499EFBF2FF48311F158099E818E7321D735E886CB64
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762860135.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4f30000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d89b7b498feff64f06013184676a69f2731134d4f3c3b681a72853870388ee33
                            • Instruction ID: 4a090f39b384ba19895daa2fdcab6c33770cd0daa248a9bc34a5b212df0be3a1
                            • Opcode Fuzzy Hash: d89b7b498feff64f06013184676a69f2731134d4f3c3b681a72853870388ee33
                            • Instruction Fuzzy Hash: 1131C174A042458FCB01DF6CC8949ADFBB1FF89310B258196C895AF3A2C771EC46CBA0
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762860135.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4f30000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 99cc8c7e700f856ddc835c9b8c407666d0c3f50ece354f9e3687b47e9c158886
                            • Instruction ID: b7b642027b9290aac6c3977626bb0ccf52366341555c44d0e2de951b93c0ac34
                            • Opcode Fuzzy Hash: 99cc8c7e700f856ddc835c9b8c407666d0c3f50ece354f9e3687b47e9c158886
                            • Instruction Fuzzy Hash: 3C21E4B4A002099FCB04DF59C9849AAFBB1FF88310B258569E919EB361C731FC51CBA0
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762860135.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4f30000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dea731adef8889c73db7fb2614e62c070f3745a6507384d0d20b3f9eb9f2ca9f
                            • Instruction ID: 4f8a8b56be08ef5a68e027af37d3f3fb5fdb2512a58e7aadcc9340581656d70b
                            • Opcode Fuzzy Hash: dea731adef8889c73db7fb2614e62c070f3745a6507384d0d20b3f9eb9f2ca9f
                            • Instruction Fuzzy Hash: 4A21D5B4A005099FCB04DF59C9849AAFBB1FB88310B158559E909EB761C771FC51CBA0
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762357486.0000000004D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D8D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4d8d000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 261f52d86458cf0d1ec77794b54726ebcccb2c5093c29efd6d5c3190795b9e91
                            • Instruction ID: f87204a2f085d2b102584e5385b2d291294e218db44592bb2c0df17d05500dc3
                            • Opcode Fuzzy Hash: 261f52d86458cf0d1ec77794b54726ebcccb2c5093c29efd6d5c3190795b9e91
                            • Instruction Fuzzy Hash: 90012B712083049AE7106E26ED84B77FF99EF41324F18C52DED484F2C6C679E845C6B1
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762357486.0000000004D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D8D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4d8d000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0226139b5667398425bcb1cbc58c8f6676992ce149b1f488ded226ef89139204
                            • Instruction ID: d5a405d39aab3c84d8bd88e040f2b875e3dabafe6b57bdc469ba672f96cff6cd
                            • Opcode Fuzzy Hash: 0226139b5667398425bcb1cbc58c8f6676992ce149b1f488ded226ef89139204
                            • Instruction Fuzzy Hash: 82014C6210E3C09FD7129B259C94B62BFB4EF43224F19C1DBD9888F1E3C2699849C772
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762860135.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4f30000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: de1cc170f741492d07eb4fb2426fa55f21b28dc4e9ee41cc1753571f378341c3
                            • Instruction ID: 9c7b21304827d0d1f5fbc1f085a3a89044adc4e7ddabd9ac452f35026ffa7ba8
                            • Opcode Fuzzy Hash: de1cc170f741492d07eb4fb2426fa55f21b28dc4e9ee41cc1753571f378341c3
                            • Instruction Fuzzy Hash: 6C014FB8B402159FCB04DB98D490AADF7B1FF8D314B248199D95AAB365CA36EC03DB50
                            Memory Dump Source
                            • Source File: 00000001.00000002.1762860135.0000000004F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F30000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_4f30000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7b8684b3b07304e8ec8bba143d7e756e0fc2ee6b4ea96ea400beec18e97abba3
                            • Instruction ID: 4825823d63d06c8dcba90e69fc36237e67d568081d70a97cf592fe0d1e0c6078
                            • Opcode Fuzzy Hash: 7b8684b3b07304e8ec8bba143d7e756e0fc2ee6b4ea96ea400beec18e97abba3
                            • Instruction Fuzzy Hash: 21F08CB5F002058BCB04EA9DD9A0AAEF7B2EBC4355F14C529D819AB355C636EC43CB90
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.1767227294.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_7da0000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q$Jl$Jl
                            • API String ID: 0-3468176975
                            • Opcode ID: ebb79d5ce718be09dd6373c319f51c90a48c7fc69e9332650c6f6282d55a9876
                            • Instruction ID: 7b614bdcb847b62ae36f8a3126bf6ded17e705cebd795db3d148379e75bd1925
                            • Opcode Fuzzy Hash: ebb79d5ce718be09dd6373c319f51c90a48c7fc69e9332650c6f6282d55a9876
                            • Instruction Fuzzy Hash: 50A116B2704319AFCB259A6D9800A66FBF6BFC6720F18846AD445CB391DA33CC45C7A1
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.1767227294.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_7da0000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4'^q$4'^q$tP^q$tP^q$#Dk$$^q$$^q$$^q$Jl$Jl
                            • API String ID: 0-1749917598
                            • Opcode ID: 9d36dcd416b5365bc0ed50f3d9d3b507e209fe148a729e2fa7d685bb49fa8a41
                            • Instruction ID: de60aabf08feb1b4739f5fb2805bed486d23b4bf8e0dd5125cf6d720c1df5d47
                            • Opcode Fuzzy Hash: 9d36dcd416b5365bc0ed50f3d9d3b507e209fe148a729e2fa7d685bb49fa8a41
                            • Instruction Fuzzy Hash: 9AA146B2B04316AFCB255A79981067AFBE5BFC6620B18846BD445CF391EB32C845C7E1
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.1767227294.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_7da0000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4'^q$4'^q$$^q$$^q$$^q$Jl$Jl
                            • API String ID: 0-392414880
                            • Opcode ID: a1388d51813fff0aeac953aa3edad82f21ae8d80778941191cb70e417539c231
                            • Instruction ID: 3969f846e0796f01fa64b247108d2868f2e91884a0821d1714b8740736816c02
                            • Opcode Fuzzy Hash: a1388d51813fff0aeac953aa3edad82f21ae8d80778941191cb70e417539c231
                            • Instruction Fuzzy Hash: E15115B1B0431EEFCB259E69980176AFBB6BFC2210F18846BD445CB655DA33C845C7A1
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.1767227294.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_7da0000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4'^q$4'^q$4'^q$$^q$$^q
                            • API String ID: 0-2831958266
                            • Opcode ID: 3abb8a08b6c50460439c41ec2888eaab140fb12383f9d983a7f53d10bc2fc51a
                            • Instruction ID: 3ab762e9ba8b26e2521f273a16c6766dded0c58f4baaf4570350e4b2ba8ec00d
                            • Opcode Fuzzy Hash: 3abb8a08b6c50460439c41ec2888eaab140fb12383f9d983a7f53d10bc2fc51a
                            • Instruction Fuzzy Hash: 12113F71F497466FC726262C382016AEFB27FC3951729049BC045CF35BDD158C4983A7
                            Strings
                            Memory Dump Source
                            • Source File: 00000001.00000002.1767227294.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_1_2_7da0000_powershell.jbxd
                            Similarity
                            • API ID:
                            • String ID: $^q$$^q$$^q$$^q
                            • API String ID: 0-2125118731
                            • Opcode ID: 4d481243d94559b4c6d6eca3748d97e8128d74de30e32afd946c823d583beaf3
                            • Instruction ID: 2a5dba33c389a68411692f9eb14035fd22c6e0da01536225b3b244aa418d0ea6
                            • Opcode Fuzzy Hash: 4d481243d94559b4c6d6eca3748d97e8128d74de30e32afd946c823d583beaf3
                            • Instruction Fuzzy Hash: 952147B1B48306BBDB38997E9C01B37E6DB7BC0711F24882AA445CF385CE36C8418321
                            Strings
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Deq
                            • API String ID: 0-948982800
                            • Opcode ID: bc9e8eef9cc0e5d6be709a78ae0de6a08dc939dd8d8af7165bfbdc486dbcb84b
                            • Instruction ID: 453ea343f446c43e50a1bd4f8fe6dab575d7eb593ea3c9708976d79ad64dd44e
                            • Opcode Fuzzy Hash: bc9e8eef9cc0e5d6be709a78ae0de6a08dc939dd8d8af7165bfbdc486dbcb84b
                            • Instruction Fuzzy Hash: 7D829D71A40316CFCBA5CF68C8946D9BBF1FF85324B29856DD4819B642E738AD42CF84
                            Strings
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Te^q$Te^q$Te^q$Te^q
                            • API String ID: 0-2929563283
                            • Opcode ID: aae37916821ed9a3a41ab7343d3863adb411bce5a2db4bf4b687975420d93fbe
                            • Instruction ID: b7f7f28515aa7f1d18b53a69e7ab1e1407c3b11d0374a231526dacfa30a6df41
                            • Opcode Fuzzy Hash: aae37916821ed9a3a41ab7343d3863adb411bce5a2db4bf4b687975420d93fbe
                            • Instruction Fuzzy Hash: 96512974B002158FCB08DF68C598AADBBF2BF88714B2544A9E446EF3A5DB749C05CB50
                            Strings
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Deq
                            • API String ID: 0-948982800
                            • Opcode ID: b148129e4eb71be6bed43cfe624f6e86fecc390498096a57bd547999828700a1
                            • Instruction ID: a595ccb66838fed44cee3e34ebbd41ab3585efa5fe16124cb242c3dd32f6613b
                            • Opcode Fuzzy Hash: b148129e4eb71be6bed43cfe624f6e86fecc390498096a57bd547999828700a1
                            • Instruction Fuzzy Hash: 9A619E746006118FCB14DF29D588A9ABBF6FF88314B66C168E805EB3A1DB35EC41CF94
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fbc628954942171e1e626d982054507bebb7d439341647947ee7c1fe0e5f152e
                            • Instruction ID: e15a0dcae6149b47e0b2b1de17dd6b6e23df7effe4d185f7243dc1d70e7a0df4
                            • Opcode Fuzzy Hash: fbc628954942171e1e626d982054507bebb7d439341647947ee7c1fe0e5f152e
                            • Instruction Fuzzy Hash: 6A11E3307102048FCB14EBBAC85899A7BE6EF883447108478E406DB364EF34EC018B90
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1d27c345487338ddf5786bdc0947b28ac83c8b2159af6d593ceaf0ca63f2ea3f
                            • Instruction ID: 7496bce57645aa9c08ba5f2afb78d46d91f4eb7e994a153dc0d382cdcb155e52
                            • Opcode Fuzzy Hash: 1d27c345487338ddf5786bdc0947b28ac83c8b2159af6d593ceaf0ca63f2ea3f
                            • Instruction Fuzzy Hash: 9E11A5307002148FCB14EF7AC86895B7BE6EF882547508479E846DB364EF74EC018BD1
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e040e2d0ddc51940afa6b9679c9c3e21d4cfdd5d777ffb1da8dba2be4ef8f4cc
                            • Instruction ID: 9abd2f0572fc0a9988ad49bdc2e728ca17730ac090b3128540fe33c020f6df8a
                            • Opcode Fuzzy Hash: e040e2d0ddc51940afa6b9679c9c3e21d4cfdd5d777ffb1da8dba2be4ef8f4cc
                            • Instruction Fuzzy Hash: FCF0E731A40218CFDB28DB65D55DBAE7BF5AB48704F1100A8E502AB2D0CB759D80DB61
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a3b701322c242cd6a09c1c7097a96d2aee182f81d7fcf38e561eaf73b14ae4c5
                            • Instruction ID: 2681586cc1c4704597d06f2210b8dacebd3a113687c5af200d4629e09d863348
                            • Opcode Fuzzy Hash: a3b701322c242cd6a09c1c7097a96d2aee182f81d7fcf38e561eaf73b14ae4c5
                            • Instruction Fuzzy Hash: 5DF0A074A08309FFCB04EBA0DD544ED7BB9FA122047200196F445DB281E6322E059BA1
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 341b95c82d4cdd94bf8da02f7e7b06d339f2d50c5ef9257c53799da33144f5dd
                            • Instruction ID: 7b736dae22499a04f32e6e96f9d3d5f9adcb6cc81d413ae67d9a5b6674d3743e
                            • Opcode Fuzzy Hash: 341b95c82d4cdd94bf8da02f7e7b06d339f2d50c5ef9257c53799da33144f5dd
                            • Instruction Fuzzy Hash: 1FE06530F045148FE3199F65E00839A72EAFBA4B04F158175A5855F695DB3888014B86
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7816b902074f9c502244271cdffe2a2417595fd2d8b853fa385497d765bb8217
                            • Instruction ID: ba764725643118c4a0c63706b7a58d641febd4492cc6bba036adf6d20c3118d4
                            • Opcode Fuzzy Hash: 7816b902074f9c502244271cdffe2a2417595fd2d8b853fa385497d765bb8217
                            • Instruction Fuzzy Hash: 0BD06C6045F3C44EDB0343B11A389803FB0996321034A59DBC0C4CA0A7D49D6A8AABA2
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ba0c9070a518439faa5793d3fd528a40995a3018b0b17892920536a02691a88f
                            • Instruction ID: ec61b286de4f234950a4a462bc078efa8d85ff1116a1ebab07fad2b4560ea7ea
                            • Opcode Fuzzy Hash: ba0c9070a518439faa5793d3fd528a40995a3018b0b17892920536a02691a88f
                            • Instruction Fuzzy Hash: 65E04F34B0430DEFC704EFA4DA044AC7BF9FB0020872045A8F546DB684EA752E008FD1
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7f4a19934b093793c57e3df51b2025c6c1af431b978244bd84c94ee627c7649d
                            • Instruction ID: ccc6e3d60b4ad0d5a2a6a4c7e835ee35ee39b048a360f31be60b569aacf859e4
                            • Opcode Fuzzy Hash: 7f4a19934b093793c57e3df51b2025c6c1af431b978244bd84c94ee627c7649d
                            • Instruction Fuzzy Hash: D1C012B285D3C4AFCBA3036524160A8BF746D2312430A92DBC08A8A953916F4846CF21
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41393939368ae3d6a057a780f7a5a5d8a1398b346f5a3b253d68b56f53324357
                            • Instruction ID: c80c29c2c397e535c48120d444f1efbb9c3c76fd35d8d33481a1fc4378600d1f
                            • Opcode Fuzzy Hash: 41393939368ae3d6a057a780f7a5a5d8a1398b346f5a3b253d68b56f53324357
                            • Instruction Fuzzy Hash: 7AC08C34E00118FFCF256B90EC249FD7632FF84300F200028F482A63A0CA221C409F40
                            Memory Dump Source
                            • Source File: 00000003.00000002.2009772821.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_3_2_13e0000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 277eb12bb7c4174862589fea930e5880e79a2be8449e7903a50289739e0efa97
                            • Instruction ID: b0acd099ba3fbfe9122c25e57c4fd31415f6070e3afa54e147e1296ca37e1759
                            • Opcode Fuzzy Hash: 277eb12bb7c4174862589fea930e5880e79a2be8449e7903a50289739e0efa97
                            • Instruction Fuzzy Hash: C790023104460C8F4564279A78095A9775C95445267805051A54D41A055EABA4504F95
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.2089284756.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_1430000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Te^q$Te^q$Te^q$Te^q
                            • API String ID: 0-2929563283
                            • Opcode ID: 4bedf5833983ca007d729ceaf7e355ebf1eb16f5a0e72650056e1f1be9731404
                            • Instruction ID: 6aa96c324431b2d3dda5e1d560ad1b91b32e04f37f2f4781f30a034200c273d8
                            • Opcode Fuzzy Hash: 4bedf5833983ca007d729ceaf7e355ebf1eb16f5a0e72650056e1f1be9731404
                            • Instruction Fuzzy Hash: 03514774B001058FCB08DF69C598AADBBF2BF9C710F2545AAE406EB3B5DA359C06CB50
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.2089284756.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_1430000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Deq
                            • API String ID: 0-948982800
                            • Opcode ID: 0d28dfc4009cceae8e0494a917b25314f817ed658b7c672bace8ebb2acfa630e
                            • Instruction ID: 620738e492c10c7af34bf99fb387e6776c91c38c5c3b1fff399bf1ab71b15086
                            • Opcode Fuzzy Hash: 0d28dfc4009cceae8e0494a917b25314f817ed658b7c672bace8ebb2acfa630e
                            • Instruction Fuzzy Hash: 47D1D274A403019FC724DF28D584A99BBF2FF89320B1481AED8569B361DB39EC46CF90
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.2089284756.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_1430000_n3GMxqBnUE.jbxd
                            Similarity
                            • API ID:
                            • String ID: Deq
                            • API String ID: 0-948982800